On Wed, Oct 19, 2011 at 9:46 AM, Henrik Ingo <[email protected]> wrote: > In practice the client-side implementation uses the same code server > side (client just sends the file to server, then does LOAD DATA INFILE > normally) so you can't then remove the code from the server either. > Also note that similar security concerns do not apply here as they do > for SELECT INTO OUTFILE.
Why not? You could still read files like "/etc/passwd". > Summary: We should preserve one way of easily loading CSV data into a > table. There is no reason, security or otherwise, why not to do so: > either we should keep the current stuff or replace it with something > new, don't remove it. Right. But the parser for that should not be server-side. Client can parse CSV (or XML or whatever) and generate normal SQL (or noSQL) statements. Olaf _______________________________________________ Mailing list: https://launchpad.net/~drizzle-discuss Post to : [email protected] Unsubscribe : https://launchpad.net/~drizzle-discuss More help : https://help.launchpad.net/ListHelp
