Prevent client use of LOAD DATA INFILE, SELECT INTO OUTFILE statements and LOAD_FILE() function
In cloud environments, users have no access to the server filesystem, so there should be a way to disable the SELECT INTO OUTFILE and LOAD DATA INFILE statements and the LOAD_FILE() function, as there will never be a legitimate use of them.
In order to prevent MySQL clients from interacting with the server filesystem, the secure-file-priv server option will be extended so that it can be used without an argument. When used with no argument, the LOAD_FILE() function will always return NULL. The LOAD DATA INFILE and SELECT INTO OUTFILE statements will fail with the following error: "The MySQL server is running with the --secure-file-priv option so it cannot execute this statement". LOAD DATA LOCAL INFILE is not affected by the --secure-file-priv option and will still work when it's used without an argument.
Blueprint information
- Status:
- Complete
- Approver:
- Alexey Kopytov
- Priority:
- Medium
- Drafter:
- George Ormond Lorch III
- Direction:
- Approved
- Assignee:
- Sergei Glushchenko
- Definition:
- Approved
- Series goal:
- Proposed for 5.5
- Implementation:
- Implemented
- Milestone target:
- 5.5.25a-27.1
- Started by
- Sergei Glushchenko
- Completed by
- Alexey Kopytov
Whiteboard
Issue #23599.
As was discussed on IRC, instead of adding new option, behavior of existing option --secure-file-priv will be extended. When specified with no argument, it will block INFILE and OUTFILE operations.