Jennifer,
Why would they have to do that? The file does not need to be in that
directory. In order to use LOAD DATA INFILE without LOCAL the file
just
needs to be somewhere on the server that mysqld is running on
Exactly this is the point. Most ISPs (at least all the big ones who
offer MySQL here in Germany) have their MySQL servers running on
separate machines. As a regular customer (this applies to business
customers as well) you will get _no_ account at all on the MySQL host
machines. This is why you _have_ to use LOCAL to bulk import data.
Obviously this does not negate the fact that LOCAL is sometimes
needed, but
allowing all users to write to mysql/bin is not needed at all for any
reason
that I can see. Maybe I am missing something?
No, this was just an extreme example, thus the smiley ;-)
From the docs -- http://www.mysql.com/doc/en/LOAD_DATA.html
If the LOCAL keyword is specified, the file is read from the client
host.
If LOCAL is not specified, the file must be located on the server.
(LOCAL is
available in MySQL Version 3.22.6 or later.)
This is the way it _should_ be, and the way it _was_ until 4.0.1 or so.
With the recent versions (I tested 4.0.5 and 4.0.7 binary
distributions), LOCAL will not work at all. This is a bug, not a
(security) feature.
Regards,
--
Stefan Hinz [EMAIL PROTECTED]
Geschäftsführer / CEO iConnect GmbH http://iConnect.de
Heesestr. 6, 12169 Berlin (Germany)
Tel: +49 30 7970948-0 Fax: +49 30 7970948-3
- Original Message -
From: Jennifer Goodie [EMAIL PROTECTED]
To: Stefan Hinz, iConnect (Berlin) [EMAIL PROTECTED]; Charles
Mabbott [EMAIL PROTECTED]; 'Prathmesh J. Mahidharia'
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, January 08, 2003 11:21 PM
Subject: RE: Re: Load local data infile problem
Imagine an ISP giving every customer write privileges for the
mysql/bin
directory ... ;-/
Why would they have to do that? The file does not need to be in that
directory. In order to use LOAD DATA INFILE without LOCAL the file
just
needs to be somewhere on the server that mysqld is running on and be
readable by the mysqld user. I load my files in from my home
directory
because I don't think the mysql base dir and data dir are a great spot
to
arbitrarily put files (and I don't have permission to them w/o
su-ing). If
you are connecting via localhost, have FILE permission on the DB, and
can
create a readable file somewhere on that server, you would be fine.
We do not allow LOCAL on our servers as we are running replication and
3.23.54 won't support it. I do not have write permission to any
directories
except my home directory. I have never run into any problems with
LOAD DATA
that were not my own fault, usually it is error 13 because I typed the
path
wrong or didn't chmod the file.
Obviously this does not negate the fact that LOCAL is sometimes
needed, but
allowing all users to write to mysql/bin is not needed at all for any
reason
that I can see. Maybe I am missing something?
From the docs -- http://www.mysql.com/doc/en/LOAD_DATA.html
If the LOCAL keyword is specified, the file is read from the client
host.
If LOCAL is not specified, the file must be located on the server.
(LOCAL is
available in MySQL Version 3.22.6 or later.)
-Original Message-
From: Stefan Hinz, iConnect (Berlin) [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 08, 2003 9:40 AM
To: Charles Mabbott; 'Prathmesh J. Mahidharia'; [EMAIL PROTECTED]
Subject: Re: Load local data infile problem
Charles,
I posted the same problem a couple of days ago. LOCAL will not work
because of a security improvement the MySQL folks applied.
LOAD DATA INFILE C:\\mysql\\fred.txt INTO TABLE data_table;
Hope this helps, but only a workaround...
Without LOCAL, quite alot of things will not work. Imagine an ISP
giving
every customer write privileges for the mysql/bin directory ... ;-/
Unfortunately, Monty did'nt mention if this is fixed in 4.0.8 or going
to be fixed in 4.0.9 or 4.1. Personally, I regard this security
improvement rather a bug than a feature.
-
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php