Rechercher dans le manuel MySQL
6.1.6 Security Issues with LOAD DATA LOCAL
The LOAD DATA
statement can load a
file located on the server host, or, if the
LOCAL
keyword is specified, on the client host.
There are two potential security issues with the
LOCAL
version of LOAD
DATA
:
The transfer of the file from the client host to the server host is initiated by the MySQL server. In theory, a patched server could be built that would tell the client program to transfer a file of the server's choosing rather than the file named by the client in the
LOAD DATA
statement. Such a server could access any file on the client host to which the client user has read access. (A patched server could in fact reply with a file-transfer request to any statement, not justLOAD DATA LOCAL
, so a more fundamental issue is that clients should not connect to untrusted servers.)In a Web environment where the clients are connecting from a Web server, a user could use
LOAD DATA LOCAL
to read any files that the Web server process has read access to (assuming that a user could run any statement against the SQL server). In this environment, the client with respect to the MySQL server actually is the Web server, not a remote program being run by users who connect to the Web server.
To avoid LOAD DATA
issues, clients
should avoid using LOCAL
. To avoid connecting
to untrusted servers, clients can establish a secure connection
and verify the server identity by connecting using the
--ssl-mode=VERIFY_IDENTITY
option
and the appropriate CA certificate.
To enable adminstrators and applications to manage the local data
loading capability, LOCAL
configuration works
like this:
On the server side:
The
local_infile
system variable controls server-sideLOCAL
capability. Depending on thelocal_infile
setting, the server refuses or permits local data loading by clients that haveLOCAL
enabled on the client side. By default,local_infile
is disabled.To explicitly cause the server to refuse or permit
LOAD DATA LOCAL
statements (regardless of how client programs and libraries are configured at build time or runtime), start mysqld withlocal_infile
disabled or enabled, respectively.local_infile
can also be set at runtime.
On the client side:
The
ENABLED_LOCAL_INFILE
CMake option controls the compiled-in defaultLOCAL
capability for the MySQL client library. Clients that make no explicit arrangements therefore haveLOCAL
capability disabled or enabled according to theENABLED_LOCAL_INFILE
setting specified at MySQL build time.By default, the client library in MySQL binary distributions is compiled with
ENABLED_LOCAL_INFILE
disabled. If you compile MySQL from source, configure it withENABLED_LOCAL_INFILE
disabled or enabled based on whether clients that make no explicit arrangements should haveLOCAL
capability disabled or enabled, respectively.Client programs that use the C API can control load data loading explicitly by invoking
mysql_options()
to disable or enable theMYSQL_OPT_LOCAL_INFILE
option. See Section 28.7.7.50, “mysql_options()”.For the mysql client, local data loading is disabled by default. To disable or enable it explicitly, use the
--local-infile=0
or--local-infile[=1]
option.For the mysqlimport client, local data loading is disabled by default. To disable or enable it explicitly, use the
--local=0
or--local[=1]
option.If you use
LOAD DATA LOCAL
in Perl scripts or other programs that read the[client]
group from option files, you can add anlocal-infile
option setting to that group. To prevent problems for programs that do not understand this option, specify it using theloose-
prefix:[client] loose-local-infile=0
or:
[client] loose-local-infile=1
In all cases, successful use of a
LOCAL
load operation by a client also requires that the server permits it.
If LOCAL
capability is disabled, on either the
server or client side, a client that attempts to issue a
LOAD DATA
LOCAL
statement receives the following error message:
ERROR 1148: The used command is not allowed with this MySQL version
Document created the 26/06/2006, last modified the 26/10/2018
Source of the printed document:https://www.gaudry.be/en/mysql-rf-load-data-local.html
The infobrol is a personal site whose content is my sole responsibility. The text is available under CreativeCommons license (BY-NC-SA). More info on the terms of use and the author.
References
These references and links indicate documents consulted during the writing of this page, or which may provide additional information, but the authors of these sources can not be held responsible for the content of this page.
The author This site is solely responsible for the way in which the various concepts, and the freedoms that are taken with the reference works, are presented here. Remember that you must cross multiple source information to reduce the risk of errors.