Uploaded image for project: 'MariaDB Connector/J'
  1. MariaDB Connector/J
  2. CONJ-305

Add LOAD DATA LOCAL INFILE security filter function

    XMLWordPrintable

Details

    • Task
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • None
    • 1.5.0-RC
    • Other
    • None

    Description

      Problem is using "LOAD DATA LOCAL INFILE" (ie : loading a file from client), may be a security problem :

      • if server sources has been changed, server mays asked for a different file than the file in query.
      • if someone has can execute query from client, he can have access to any file on client (according to the rights of the user running the client process).

      Solution is to add a callback function that can validate file /directory structure.

      Attachments

        Activity

          People

            diego dupin Diego Dupin
            diego dupin Diego Dupin
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.