The LOAD DATA statement can load a file located on the server host, or, if the LOCAL keyword is specified, on the client host.
There are two potential security issues with the
LOCAL version of
The transfer of the file from the client host to the server host is initiated by the MySQL server. In theory, a patched server could be built that would tell the client program to transfer a file of the server's choosing rather than the file named by the client in the LOAD DATA statement. Such a server could access any file on the client host to which the client user has read access. (A patched server could in fact reply with a file-transfer request to any statement, not just LOAD DATA LOCAL, so a more fundamental issue is that clients should not connect to untrusted servers.)
In a Web environment where the clients are connecting from a Web server, a user could use LOAD DATA LOCAL to read any files that the Web server process has read access to (assuming that a user could run any statement against the SQL server). In this environment, the client with respect to the MySQL server actually is the Web server, not a remote program being run by users who connect to the Web server.
LOAD DATA issues, clients should avoid using LOCAL. To avoid connecting to untrusted servers, clients can establish a secure connection and verify the server identity by connecting using the
and the appropriate CA certificate.
To enable administrators and applications to manage the local data
LOCAL configuration works
On the client side:
By default, the MySQL client library in binary distributions is compiled with the -DENABLED_LOCAL_INFILE=1 CMake option. Clients that make no arrangements otherwise therefore have
If you build MySQL from source and configure it with -DENABLED_LOCAL_INFILE=0, clients that make no arrangements otherwise have
If you use LOAD DATA LOCAL in Perl scripts or other programs that read the [client] group from option files, you can add a local-infile option setting to that group. To prevent problems for programs that do not understand this option, specify it using the
In all cases, successful use of a local load operation by a client requires that the server permits it.
On the server side:
LOCAL capability is enabled by default. The server permits clients that have LOCAL enabled on the client side to perform local data loading.
To cause the server to refuse all LOAD DATA LOCAL statements (regardless of how client programs and libraries are configured at build time or runtime), start mysqld with the local_infile system variable disabled.
If LOCAL is disabled, either on the server or client side, a client that attempts to issue such a statement receives the following error message:
ERROR 1148: The used command is not allowed with this MySQL version
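
One way to check the client-side and server-side settings described above is to audit the option file itself. The following Python script is an added example, not part of the MySQL manual or MySQL's own code; the function names and the sample file are hypothetical, and it assumes that '-' and '_' are interchangeable in option names, that a loose- prefix is ignored, that the last setting in a group wins, and that !include directives are not followed.

```python
# Added example: audit a MySQL option file for local-infile settings.
# Constructed sample input, not taken from the MySQL manual.
SAMPLE_CNF = """\
[client]
loose-local-infile=1

[mysql]
local_infile = 0

[mysqld]
# last setting in a group wins
local-infile
local_infile=OFF
"""

_STATES = {"1": "on", "on": "on", "0": "off", "off": "off"}


def local_infile_settings(text):
    """Map each option group to 'on', 'off' or 'invalid' for local-infile."""
    settings, group = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop '#' comments
        if not line or line[0] in ";!":  # ';' comment or !include (not followed)
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        # Assumption: '-' and '_' are interchangeable, 'loose-' is ignored.
        name = name.strip().lower().replace("_", "-")
        if name.startswith("loose-"):
            name = name[len("loose-"):]
        if group is None or name != "local-infile":
            continue
        # A bare option with no value enables the capability.
        settings[group] = _STATES.get(value.strip().lower(), "invalid") if sep else "on"
    return settings


def audit(text, groups=("client", "mysqld")):
    """Return (group, state) for groups that do not explicitly disable LOCAL."""
    found = local_infile_settings(text)
    return [(g, found.get(g, "unset")) for g in groups if found.get(g) != "off"]


if __name__ == "__main__":
    for group, state in audit(SAMPLE_CNF):
        print(f"[{group}] local-infile is {state}: LOAD DATA LOCAL not disabled here")
```

A group reported as unset falls back to the build-time or server default, which this page describes as enabled.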