Details
-
Task
-
Status: Stalled (View Workflow)
-
Major
-
Resolution: Unresolved
-
None
-
None
Description
Implement safe "LOAD DATA LOCAL INFILE" method
Prerequisites
1. Clients should be capabable to check if a SQL statement is a LOAD DATA LOCAL INFILE statement and parse the specified filename.
2. Client and Server indicate by extended capability flag MARIADB_CLIENT_SAFE_LOCAL_INFILE that they can handle LOAD DATA LOCAL INFILE in a safely manner.
Workflow
Client will parse the SQL statement and in case it was a LOAD DATA LOCAL INFILE statement parse the specified filename.
If the filename does not exist or is not readable by client an error will be returned.
In case both server and client have MARIADB_CLIENT_SAFE_LOCAL_FILE capability flag set, the server will not send parsed filename anymore to client. The client itself sends the content of the file immediately after sending the LOAD DATA LOCAL INFILE statement to the server.
If only client is capable to handle LOAD DATA LOCAL INFILE in a safely manner, client will read server response and check if the filename sent by server will match the parsed file name.
Additionally the client will check if server sent a file sending request, if the previously executed command was a LOAD DATA LOCAL INFILE statement.
Unsetting CLIENT_LOCAL_FILES flag (disabling LOAD DATA LOCAL INFILE) will not have any effect since the client will be able to safely handle LOAD DATA LOCAL INFILE.
Attachments
Issue Links
- causes
-
-
- Open
-
- is part of
-
-
- Closed
-
- relates to
-
CONC-525 Incorrect handling of the statement LOAD DATA LOCAL INFILE by implementation of libmariadb
-
- Closed
-