From 89db20c35cdd8c0918f7b6307c4cbda818e9a214 Mon Sep 17 00:00:00 2001 From: Himanshu Singh Date: Mon, 24 Nov 2025 17:05:48 +0100 Subject: [PATCH] chore: add guidelines to lock down the directory paths --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index d16928200..6d43329b6 100644 --- a/README.md +++ b/README.md @@ -406,6 +406,8 @@ When using the `disk` logger, log files are stored in: You can override the log directory with the `logPath` option. +> **🔒 Security Guideline:** The user account running the MCP server must have both read and write permissions to the `logPath` directory. Ensure this directory is properly secured with appropriate file system permissions to prevent unauthorized access to log files. + #### Disabled Tools You can disable specific tools or categories of tools by using the `disabledTools` option. This option accepts an array of strings, @@ -479,6 +481,8 @@ The `exportTimeoutMs` configuration controls the time after which the exported d The `exportCleanupIntervalMs` configuration controls how frequently the cleanup process runs to remove expired export files. By default, cleanup runs every 2 minutes (120000ms). +> **🔒 Security Guideline:** The user account running the MCP server must have both read and write permissions to the `exportsPath` directory. Ensure this directory is properly secured with appropriate file system permissions to prevent unauthorized access to exported data files, which may contain sensitive MongoDB data. Consider the sensitivity of your data when choosing the export location and apply restrictive permissions accordingly. + #### Telemetry The `telemetry` configuration option allows you to disable telemetry collection. When enabled, the MCP server will collect usage data and send it to MongoDB.
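Review bot: In the `@@ -406,6 +406,8 @@` hunk, the added `logPath` guideline asks for "appropriate file system permissions" but never says what appropriate means, so a reader cannot check their setup against it. Suggest stating a concrete baseline: the directory is owned by the account that runs the MCP server, and other users have no read or write access to it. The line also gives no reason why log files need protecting, while the `exportsPath` guideline in the same patch does ("which may contain sensitive MongoDB data"). If the disk logger can record sensitive values, say so here as well so the two notes are consistent.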
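Review bot: In the `@@ -479,6 +481,8 @@` hunk, the last sentence of the added `exportsPath` guideline ("Consider the sensitivity of your data ... apply restrictive permissions accordingly") repeats the sentence before it without adding a requirement, and "restrictive" is left undefined. Suggest dropping it in favour of a concrete baseline, such as a directory owned by the server account with no access for other users. The surrounding context describes `exportTimeoutMs` and `exportCleanupIntervalMs`, so it is also worth one clause noting that exported files stay on disk until they expire and the cleanup run removes them, which is the window the permissions have to cover. Since this text is nearly identical to the `logPath` note, consider one shared paragraph on securing both directories that each section links to.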