>Imagine an ISP giving every customer write privileges for the mysql/bin directory ... ;-/
Why would they have to do that? The file does not need to be in that directory. In order to use LOAD DATA INFILE without LOCAL the file just needs to be somewhere on the server that mysqld is running on and be readable by the mysqld user. I load my files in from my home directory because I don't think the mysql base dir and data dir are a great spot to arbitrarily put files (and I don't have permission to them w/o su-ing). If you are connecting via localhost, have FILE permission on the DB, and can create a readable file somewhere on that server, you would be fine. We do not allow LOCAL on our servers as we are running replication and 3.23.54 won't support it. I do not have write permission to any directories except my home directory. I have never run into any problems with LOAD DATA that were not my own fault, usually it is error 13 because I typed the path wrong or didn't chmod the file. Obviously this does not negate the fact that LOCAL is sometimes needed, but allowing all users to write to mysql/bin is not needed at all for any reason that I can see. Maybe I am missing something? >From the docs -- http://www.mysql.com/doc/en/LOAD_DATA.html "If the LOCAL keyword is specified, the file is read from the client host. If LOCAL is not specified, the file must be located on the server. (LOCAL is available in MySQL Version 3.22.6 or later.)" -----Original Message----- From: Stefan Hinz, iConnect (Berlin) [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 9:40 AM To: Charles Mabbott; 'Prathmesh J. Mahidharia'; [EMAIL PROTECTED] Subject: Re: Load local data infile problem Charles, >> I posted the same problem a couple of days ago. LOCAL will not work >> because of a security "improvement" the MySQL folks applied. > LOAD DATA INFILE "C:\\mysql\\fred.txt" INTO TABLE data_table; > Hope this helps, but only a workaround... Without LOCAL, quite alot of things will not work. Imagine an ISP giving every customer write privileges for the mysql/bin directory ... ;-/ Unfortunately, Monty did'nt mention if this is fixed in 4.0.8 or going to be fixed in 4.0.9 or 4.1. Personally, I regard this security "improvement" rather a bug than a feature. --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php