Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-13353

CONNECT engine table_type=JDBC should not require FILE priv

    Details

      Description

      For security reasons it would be great if we did not have to grant FILE permission to everyone who uses a CONNECT JDBC table. Currently we have to grant FILE to all users, even non-administrators, which increases the chance of data being leaked by accident. We do use secure_file_priv to help this, but ideally no user would need FILE priv, or if that isn't possible for some reason, at least not require FILE to use a connect JDBC table.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                bertrandop Olivier Bertrand
                Reporter:
                rdyas Robert Dyas
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: