[#CONC-175] Security vulnerabilities with load

[CONC-175] Security vulnerabilities with load Created: 2016-04-28 Updated: 2016-04-29 Resolved: 2016-04-29
Status:	Closed
Project:	MariaDB Connector/C
Component/s:	None
Affects Version/s:	2.1
Fix Version/s:	N/A

Type:

Bug

Priority:

Major

Reporter:

Aysha Pervez

Assignee:

Georg Richter

Resolution:

Won't Fix

Votes:

Labels:

None

Environment:

Prod

Description

Hi,

we are concerned about the security vulnerabilities with the load data local command.
As per the link http://dev.mysql.com/doc/refman/5.7/en/load-data-local.html, there are security issues when using load data local command, is there a fix or patch available where this issue is fixed.
or is there any other command that can be used to run a load data local command.

regards
Aysha

Comments

Comment by Sergei Golubchik [ 2016-04-29 ]

Yes, do not enable LOAD DATA LOCAL.

Did you read the page you've referenced? The security issue with LOAD DATA LOCAL is that the server can read files on the client host. This is the main functionality of LOAD DATA LOCAL so to fix this issue you need to disable LOAD DATA LOCAL.

Generated at Thu Feb 08 03:03:25 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[CONC-175] Security vulnerabilities with load Created: 2016-04-28 Updated: 2016-04-29 Resolved: 2016-04-29