Documentation MCP Server

authentication.md•1.3 KiB

--- title: Authentication and Security tags: [security, authentication, guide] category: guides parent: getting-started order: 2 --- # Authentication and Security ## Overview The Hierarchical Documentation MCP server implements multiple security layers to protect your documentation and prevent unauthorized access. ## Path Validation All file system access is validated to prevent directory traversal attacks: - Paths are resolved to absolute paths and checked against allowed directories - Hidden files (starting with `.`) are automatically excluded - Symbolic links are followed but validated against allowed directories ## Query Sanitization Search queries and user input are sanitized to prevent: - Injection attacks - Malformed regex patterns - Excessive resource consumption ## Remote Deployment When deploying the MCP server as a remote HTTP service, use API token authentication: ```yaml # .mcp-docs.yaml authentication: enabled: true type: token tokens: - name: development value: ${MCP_AUTH_TOKEN} ``` ## Best Practices 1. Never expose the MCP server directly to the internet without authentication 2. Use workspace-relative paths in configuration to prevent absolute path leaks 3. Regularly review security audit logs for suspicious activity 4. Keep the server and dependencies updated

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/esola-thomas/your-docs-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

authentication.md•1.3 KiB