Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-13353

CONNECT engine table_type=JDBC should not require FILE priv

    XMLWordPrintable

Details

    Description

      For security reasons it would be great if we did not have to grant FILE permission to everyone who uses a CONNECT JDBC table. Currently we have to grant FILE to all users, even non-administrators, which increases the chance of data being leaked by accident. We do use secure_file_priv to help this, but ideally no user would need FILE priv, or if that isn't possible for some reason, at least not require FILE to use a connect JDBC table.

      Attachments

        Issue Links

          Activity

            People

              bertrandop Olivier Bertrand
              rdyas Robert Dyas
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.