Uploaded image for project: 'MariaDB Connector/J'
  1. MariaDB Connector/J
  2. CONJ-305

Add LOAD DATA LOCAL INFILE security filter function

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.5.0-RC
    • Component/s: Other
    • Labels:
      None

      Description

      Problem is using "LOAD DATA LOCAL INFILE" (ie : loading a file from client), may be a security problem :

      • if server sources has been changed, server mays asked for a different file than the file in query.
      • if someone has can execute query from client, he can have access to any file on client (according to the rights of the user running the client process).

      Solution is to add a callback function that can validate file /directory structure.

        Attachments

          Activity

            People

            Assignee:
            diego dupin Diego Dupin
            Reporter:
            diego dupin Diego Dupin
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.