subject:"RE\: Re\: Load local data infile problem"

Re: Re: Load local data infile problem

2003-01-09 Thread Stefan Hinz, iConnect \(Berlin\)

Jennifer,

 Why would they have to do that? The file does not need to be in that
 directory.  In order to use LOAD DATA INFILE without LOCAL the file
just
 needs to be somewhere on the server that mysqld is running on

Exactly this is the point. Most ISPs (at least all the big ones who
offer MySQL here in Germany) have their MySQL servers running on
separate machines. As a regular customer (this applies to business
customers as well) you will get _no_ account at all on the MySQL host
machines. This is why you _have_ to use LOCAL to bulk import data.

 Obviously this does not negate the fact that LOCAL is sometimes
needed, but
 allowing all users to write to mysql/bin is not needed at all for any
reason
 that I can see.  Maybe I am missing something?

No, this was just an extreme example, thus the smiley ;-)

 From the docs -- http://www.mysql.com/doc/en/LOAD_DATA.html
 If the LOCAL keyword is specified, the file is read from the client
host.
 If LOCAL is not specified, the file must be located on the server.
(LOCAL is
 available in MySQL Version 3.22.6 or later.)

This is the way it _should_ be, and the way it _was_ until 4.0.1 or so.
With the recent versions (I tested 4.0.5 and 4.0.7 binary
distributions), LOCAL will not work at all. This is a bug, not a
(security) feature.

Regards,
--
  Stefan Hinz [EMAIL PROTECTED]
  Geschäftsführer / CEO iConnect GmbH http://iConnect.de
  Heesestr. 6, 12169 Berlin (Germany)
  Tel: +49 30 7970948-0  Fax: +49 30 7970948-3

- Original Message -
From: Jennifer Goodie [EMAIL PROTECTED]
To: Stefan Hinz, iConnect (Berlin) [EMAIL PROTECTED]; Charles
Mabbott [EMAIL PROTECTED]; 'Prathmesh J. Mahidharia'
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, January 08, 2003 11:21 PM
Subject: RE: Re: Load local data infile problem


 Imagine an ISP giving every customer write privileges for the
mysql/bin
 directory ... ;-/

 Why would they have to do that? The file does not need to be in that
 directory.  In order to use LOAD DATA INFILE without LOCAL the file
just
 needs to be somewhere on the server that mysqld is running on and be
 readable by the mysqld user.  I load my files in from my home
directory
 because I don't think the mysql base dir and data dir are a great spot
to
 arbitrarily put files (and I don't have permission to them w/o
su-ing).  If
 you are connecting via localhost, have FILE permission on the DB, and
can
 create a readable file somewhere on that server, you would be fine.

 We do not allow LOCAL on our servers as we are running replication and
 3.23.54 won't support it.  I do not have write permission to any
directories
 except my home directory.  I have never run into any problems with
LOAD DATA
 that were not my own fault, usually it is error 13 because I typed the
path
 wrong or didn't chmod the file.

 Obviously this does not negate the fact that LOCAL is sometimes
needed, but
 allowing all users to write to mysql/bin is not needed at all for any
reason
 that I can see.  Maybe I am missing something?

 From the docs -- http://www.mysql.com/doc/en/LOAD_DATA.html
 If the LOCAL keyword is specified, the file is read from the client
host.
 If LOCAL is not specified, the file must be located on the server.
(LOCAL is
 available in MySQL Version 3.22.6 or later.)


 -Original Message-
 From: Stefan Hinz, iConnect (Berlin) [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, January 08, 2003 9:40 AM
 To: Charles Mabbott; 'Prathmesh J. Mahidharia'; [EMAIL PROTECTED]
 Subject: Re: Load local data infile problem


 Charles,

  I posted the same problem a couple of days ago. LOCAL will not work
  because of a security improvement the MySQL folks applied.

  LOAD DATA INFILE C:\\mysql\\fred.txt INTO TABLE data_table;
  Hope this helps, but only a workaround...

 Without LOCAL, quite alot of things will not work. Imagine an ISP
giving
 every customer write privileges for the mysql/bin directory ... ;-/

 Unfortunately, Monty did'nt mention if this is fixed in 4.0.8 or going
 to be fixed in 4.0.9 or 4.1. Personally, I regard this security
 improvement rather a bug than a feature.






-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

RE: Re: Load local data infile problem

2003-01-08 Thread Jennifer Goodie

Imagine an ISP giving every customer write privileges for the mysql/bin
directory ... ;-/

Why would they have to do that? The file does not need to be in that
directory.  In order to use LOAD DATA INFILE without LOCAL the file just
needs to be somewhere on the server that mysqld is running on and be
readable by the mysqld user.  I load my files in from my home directory
because I don't think the mysql base dir and data dir are a great spot to
arbitrarily put files (and I don't have permission to them w/o su-ing).  If
you are connecting via localhost, have FILE permission on the DB, and can
create a readable file somewhere on that server, you would be fine.

We do not allow LOCAL on our servers as we are running replication and
3.23.54 won't support it.  I do not have write permission to any directories
except my home directory.  I have never run into any problems with LOAD DATA
that were not my own fault, usually it is error 13 because I typed the path
wrong or didn't chmod the file.

Obviously this does not negate the fact that LOCAL is sometimes needed, but
allowing all users to write to mysql/bin is not needed at all for any reason
that I can see.  Maybe I am missing something?

From the docs -- http://www.mysql.com/doc/en/LOAD_DATA.html
If the LOCAL keyword is specified, the file is read from the client host.
If LOCAL is not specified, the file must be located on the server. (LOCAL is
available in MySQL Version 3.22.6 or later.)


-Original Message-
From: Stefan Hinz, iConnect (Berlin) [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 08, 2003 9:40 AM
To: Charles Mabbott; 'Prathmesh J. Mahidharia'; [EMAIL PROTECTED]
Subject: Re: Load local data infile problem


Charles,

 I posted the same problem a couple of days ago. LOCAL will not work
 because of a security improvement the MySQL folks applied.

 LOAD DATA INFILE C:\\mysql\\fred.txt INTO TABLE data_table;
 Hope this helps, but only a workaround...

Without LOCAL, quite alot of things will not work. Imagine an ISP giving
every customer write privileges for the mysql/bin directory ... ;-/

Unfortunately, Monty did'nt mention if this is fixed in 4.0.8 or going
to be fixed in 4.0.9 or 4.1. Personally, I regard this security
improvement rather a bug than a feature.





-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Re: Re: Load local data infile problem

RE: Re: Load local data infile problem

2 matches

Site Navigation

Mail list logo

Footer information