[CONJ-305] Add LOAD DATA LOCAL INFILE security filter function - Jira

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.5.0-RC
Component/s: Other
Labels:
None

Description

Problem is using "LOAD DATA LOCAL INFILE" (ie : loading a file from client), may be a security problem :

if server sources has been changed, server mays asked for a different file than the file in query.
if someone has can execute query from client, he can have access to any file on client (according to the rights of the user running the client process).

Solution is to add a callback function that can validate file /directory structure.

Attachments

Activity

People

Assignee:: Diego Dupin

Reporter:: Diego Dupin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2016-05-27 07:01

Updated:: 2016-06-29 16:39

Resolved:: 2016-06-28 15:54

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.