Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-13353

CONNECT engine table_type=JDBC should not require FILE priv

    XMLWordPrintable

    Details

      Description

      For security reasons it would be great if we did not have to grant FILE permission to everyone who uses a CONNECT JDBC table. Currently we have to grant FILE to all users, even non-administrators, which increases the chance of data being leaked by accident. We do use secure_file_priv to help this, but ideally no user would need FILE priv, or if that isn't possible for some reason, at least not require FILE to use a connect JDBC table.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              bertrandop Olivier Bertrand
              Reporter:
              rdyas Robert Dyas
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: