On Wed, Oct 19, 2011 at 11:37 AM, Olaf van der Spek <[email protected]> wrote: > On Wed, Oct 19, 2011 at 9:46 AM, Henrik Ingo <[email protected]> > wrote: >> In practice the client-side implementation uses the same code server >> side (client just sends the file to server, then does LOAD DATA INFILE >> normally) so you can't then remove the code from the server either. >> Also note that similar security concerns do not apply here as they do >> for SELECT INTO OUTFILE. > > Why not? > You could still read files like "/etc/passwd".
Ok, you're right. >> Summary: We should preserve one way of easily loading CSV data into a >> table. There is no reason, security or otherwise, why not to do so: >> either we should keep the current stuff or replace it with something >> new, don't remove it. > > Right. But the parser for that should not be server-side. > Client can parse CSV (or XML or whatever) and generate normal SQL (or > noSQL) statements. Yes, if you want to improve on what is currently there, I agree there is room for improvement. But I don't see a pressing need to remove the existing LOAD DATA [LOCAL] INFILE as long as there is not a replacement. Regarding parsing: The way LOAD DATA LOCAL INFILE works currently, it sends the CSV file to server and there it is stored in /tmp/, read, parsed and fed directly into the table. Possibly this is more efficient than if the client would rewrite CSV data into SQL INSERTs, then the server has to parse the SQL anyway, and SQL is quite wordy. LOAD DATA is very efficient, I've managed to get 100k rows inserted by second (small rows). I'm not sure you can easily get that with INSERTs, (but maybe if you combine a lot of rows into one INSERT). It seems to me ideally you could just modify the current code so that it will never read a file from the server, but instead it could consume CSV data coming in from the client without saving it as a temporary file first. henrik -- [email protected] +358-40-8211286 skype: henrik.ingo irc: hingo www.openlife.cc My LinkedIn profile: http://www.linkedin.com/profile/view?id=9522559 _______________________________________________ Mailing list: https://launchpad.net/~drizzle-discuss Post to : [email protected] Unsubscribe : https://launchpad.net/~drizzle-discuss More help : https://help.launchpad.net/ListHelp
