Bug #74712 | Wrong security info in LOAD DATA INFILE documentation | ||
---|---|---|---|
Submitted: | 6 Nov 2014 12:09 | Modified: | 11 Apr 2017 23:27 |
Reporter: | Hartmut Holzgraefe | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Documentation | Severity: | S3 (Non-critical) |
Version: | OS: | Any | |
Assigned to: | Paul DuBois | CPU Architecture: | Any |
[6 Nov 2014 12:09]
Hartmut Holzgraefe
[7 Nov 2014 8:44]
MySQL Verification Team
Hello Hartmut, Thank you for the bug report. Thanks, Umesh
[11 Apr 2017 23:27]
Paul DuBois
Posted by developer: You're right, the information is out of date. Since secure_file_priv was implemented, non-LOCAL LOAD DATA operations are subject to its value. Revised text: Non-LOCAL load operations read text files located on the server. For security reasons, such operations require that you have the FILE privilege. See . Also, non-LOCAL load operations are subject to the secure_file_priv system variable setting. If the variable value is a nonempty directory name, the file to be loaded must be located in that directory. If the variable value is empty (which is insecure), the file need only be readable by the server.