4. To start the server as the given user automatically at system startup time, specify the user name by adding a user option to the [mysqld] group of the /etc/my.cnf option file or the my.cnf option file in the server's data directory. For example:

[mysqld]
user=user_name

If your Unix machine itself is not secured, you should assign passwords to the MySQL root accounts in the grant tables. Otherwise, any user with a login account on that machine can run the mysql client with a --user=root option and perform any operation. (It is a good idea to assign passwords to MySQL accounts in any case, but especially so when other login accounts exist on the server host.) See Section 2.18, “Postinstallation Setup and Testing”.

6.1.6. Security Issues with LOAD DATA LOCAL

The LOAD DATA statement can load a file that is located on the server host, or it can load a file that is located on the client host when the LOCAL keyword is specified.

There are two potential security issues with supporting the LOCAL version of LOAD DATA statements:

• The transfer of the file from the client host to the server host is initiated by the MySQL server. In theory, a patched server could be built that would tell the client program to transfer a file of the server's choosing rather than the file named by the client in the LOAD DATA statement. Such a server could access any file on the client host to which the client user has read access.

• In a Web environment where the clients are connecting from a Web server, a user could use LOAD DATA LOCAL to read any files that the Web server process has read access to (assuming that a user could run any command against the SQL server). In this environment, the client with respect to the MySQL server actually is the Web server, not the remote program being run by the user who connects to the Web server.

To deal with these problems, we changed how LOAD DATA LOCAL is handled as of MySQL 3.23.49 and MySQL 4.0.2 (4.0.13 on Windows):

• By default, all MySQL clients and libraries in binary distributions are compiled with the --enable-local-infile option, to be compatible with MySQL 3.23.48 and before.

• If you build MySQL from source but do not invoke configure with the --enable-local-infile option, LOAD DATA LOCAL cannot be used by any client unless it is written explicitly to invoke mysql_options(... MYSQL_OPT_LOCAL_INFILE, 0). See Section 20.6.6.49, “mysql_options()”.

• You can disable all LOAD DATA LOCAL statements from the server side by starting mysqld with the --local-infile=0 option.

• For the mysql command-line client, enable LOAD DATA LOCAL by specifying the --local-infile[=1] option, or disable it with the --local-infile=0 option. For mysqlimport, local data file loading is off by default; enable it with the --local or -L option. In any case, successful use of a local load operation requires that the server permits it.

• If you use LOAD DATA LOCAL in Perl scripts or other programs that read the [client] group from option files, you can add the local-infile=1 option to that group. However, to keep this from causing problems for programs that do not understand local-infile, specify it using the loose- prefix:

[client]
loose-local-infile=1

• If LOAD DATA LOCAL is disabled, either in the server or the client, a client that attempts to issue such a statement receives the following error message:

ERROR 1148: The used command is not allowed with this MySQL version
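
The option-file settings described above can be checked mechanically. The following is an added example, not part of the MySQL manual: a small auditor that reports every group in an option file where LOAD DATA LOCAL is left enabled. The function names and the sample file are constructed for illustration, and the audit assumes the server permits LOCAL unless local-infile=0 is set in [mysqld].

```python
import re

# Constructed sample option file for illustration (not from the manual).
SAMPLE_MY_CNF = """\
[mysqld]
user=mysql
[client]
loose-local-infile=1
[mysql]
local-infile=0
[mysqlimport]
local
"""

OFF_VALUES = {"0", "off", "false"}

def parse_option_file(text):
    """Parse my.cnf-style text into {group: {option: value}}."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":      # comments and !include lines
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = groups.setdefault(header.group(1).strip().lower(), {})
        elif current is not None:
            name, _, value = line.partition("=")
            name = name.strip().lower().replace("_", "-")
            if name.startswith("loose-"):     # loose- prefix: same option
                name = name[len("loose-"):]
            current[name] = value.strip().lower() or "1"  # bare option = on
    return groups

def audit_local_infile(text):
    """Return findings for each group that leaves LOAD DATA LOCAL enabled.

    Assumptions: the server permits LOCAL unless local-infile=0 is set;
    client groups are flagged only when the option file enables it."""
    groups, findings = parse_option_file(text), []
    if groups.get("mysqld", {}).get("local-infile", "1") not in OFF_VALUES:
        findings.append("mysqld: server permits LOAD DATA LOCAL")
    for group in ("client", "mysql"):
        if groups.get(group, {}).get("local-infile", "0") not in OFF_VALUES:
            findings.append(f"{group}: client enables LOAD DATA LOCAL")
    if groups.get("mysqlimport", {}).get("local", "0") not in OFF_VALUES:
        findings.append("mysqlimport: local file loading enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_local_infile(SAMPLE_MY_CNF)))
```

Clients built with --enable-local-infile may still allow LOCAL without any option-file entry, so an empty result for the client groups does not by itself show that the client refuses such requests; the server-side local-infile=0 setting is the control that applies to every client.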