Paul,

>> Personally, I regard this security
>> "improvement" rather a bug than a feature.

> The implementation certainly is problematic, but the underlying
> issues that it tries to address are definitely real and not to be
> ignored.
> People who say otherwise generally don't understand what those issues
> are.

Alright, now you got me :/

What I mean is there should be a way to turn LOCAL on again. It's
certainly nice if you can turn it off for enhanced security, but why
can't you turn it on again without compiling the server from source? The
manual section says that there is a --local-infile[=1] option for the
mysql CLI to turn it on, but it only mentions --local-infile=0 for the
server to turn it off. To me, this looks like --local-infile=1 was
intended to turn LOCAL on again, though the manual doesn't mention it.

Regards,
--
  Stefan Hinz <[EMAIL PROTECTED]>
  Geschäftsführer / CEO iConnect GmbH <http://iConnect.de>
  Heesestr. 6, 12169 Berlin (Germany)
  Tel: +49 30 7970948-0  Fax: +49 30 7970948-3

----- Original Message -----
From: "Paul DuBois" <[EMAIL PROTECTED]>
To: "Stefan Hinz, iConnect (Berlin)" <[EMAIL PROTECTED]>; "Charles
Mabbott" <[EMAIL PROTECTED]>; "'Prathmesh J. Mahidharia'"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, January 09, 2003 4:37 AM
Subject: Re: Load local data infile problem


At 18:39 +0100 1/8/03, Stefan Hinz, iConnect (Berlin) wrote:
>Charles,
>
>>>  I posted the same problem a couple of days ago. LOCAL will not work
>>>  because of a security "improvement" the MySQL folks applied.
>
>>  LOAD DATA INFILE "C:\\mysql\\fred.txt" INTO TABLE data_table;
>>  Hope this helps, but only a workaround...
>
>Without LOCAL, quite a lot of things will not work. Imagine an ISP giving
>every customer write privileges for the mysql/bin directory ... ;-/
>
>Unfortunately, Monty didn't mention if this is fixed in 4.0.8 or going
>to be fixed in 4.0.9 or 4.1. Personally, I regard this security
>"improvement" rather a bug than a feature.

The implementation certainly is problematic, but the underlying
issues that it tries to address are definitely real and not to be
ignored.
People who say otherwise generally don't understand what those issues
are.

>
>Regards,
>--
>   Stefan Hinz <[EMAIL PROTECTED]>
>   Geschäftsführer / CEO iConnect GmbH <http://iConnect.de>
>   Heesestr. 6, 12169 Berlin (Germany)
>   Tel: +49 30 7970948-0  Fax: +49 30 7970948-3
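
For anyone checking how a host is actually configured, the sketch below (an added example, not part of the thread or of MySQL itself) reads a MySQL option file and reports which program groups set local-infile explicitly. The sample file and the function name local_infile_settings are constructed for illustration; a group with no setting falls back to whatever default its binary was built with, and the script says nothing about whether a given server version honors the value.

```python
# Added example: report explicit local-infile settings in a MySQL option file.

# Constructed sample option file (not taken from the thread).
SAMPLE_CNF = """\
[mysqld]
port = 3306
local-infile = 0      # server side: LOCAL switched off

[mysql]
local_infile          # bare boolean option means "on"

[mysqldump]
quick
"""

TRUE_VALUES = {"1", "on", "true"}


def local_infile_settings(text):
    """Return {group: bool} for each group that sets local-infile explicitly.

    Groups that never mention the option are left out of the result.
    """
    settings = {}
    group = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop '#' comments
        if not line or line.startswith(";"):      # blank or ';' comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        if group is None:
            continue
        name, _, value = line.partition("=")
        # Option files accept '-' and '_' interchangeably in option names.
        name = name.strip().lower().replace("_", "-")
        value = value.strip().lower()
        if name == "local-infile":
            # A later line in the same group overrides an earlier one.
            settings[group] = (value in TRUE_VALUES) if value else True
        elif name == "skip-local-infile":
            settings[group] = False
    return settings


if __name__ == "__main__":
    for grp, enabled in local_infile_settings(SAMPLE_CNF).items():
        print(f"[{grp}] local-infile = {'ON' if enabled else 'OFF'}")
```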


