Details
-
Task
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Problem is using "LOAD DATA LOCAL INFILE" (ie : loading a file from client), may be a security problem :
- if server sources has been changed, server mays asked for a different file than the file in query.
- if someone has can execute query from client, he can have access to any file on client (according to the rights of the user running the client process).
Solution is to add a callback function that can validate file /directory structure.