13 messages in com.mysql.lists.mysql

Re: Security issues with LOAD DATA

| From | Sent On | Attachments |
|---|---|---|
| Chris Williams | 02 Dec 2002 20:58 | |
| cwil...@rochester.rr.com | 02 Dec 2002 21:01 | |
| Egor Egorov | 03 Dec 2002 05:49 | |
| Michal Franc | 03 Dec 2002 09:18 | |
| cwil...@rochester.rr.com | 03 Dec 2002 12:02 | |
| Michelle de Beer | 05 Dec 2002 07:45 | |
| Roger Baklund | 05 Dec 2002 08:30 | |
| Ryan Fox | 05 Dec 2002 08:32 | |
| Doug Thompson | 05 Dec 2002 08:40 | |
| Victoria Reznichenko | 05 Dec 2002 09:00 | |
| Egor Egorov | 05 Dec 2002 09:00 | |
| Egor Egorov | 05 Dec 2002 09:00 | |
| Victoria Reznichenko | 06 Dec 2002 06:36 | |

| Subject: | Re: Security issues with LOAD DATA |
|---|---|
| From: | cwil...@rochester.rr.com (cwil...@rochester.rr.com) |
| Date: | 12/03/2002 12:02:44 PM |
| List: | com.mysql.lists.mysql |
This also does not enable me to upload a data file. My resulting SQL statement reads:
LOAD DATA LOCAL '/tmp/phpgPhl51' INTO TABLE test FIELDS TERMINATED BY ',' ENCLOSED BY '"' ESCAPED BY '\\' LINES TERMINATED BY '\r\n'
I have also tried: LOAD DATA LOCAL INFILE '/tmp/phpgPhl51' INTO TABLE test FIELDS TERMINATED BY ',' ENCLOSED BY '"' ESCAPED BY '\\' LINES TERMINATED BY '\r\n'
My hosting provider claims that I have no choice in this matter because of the security reference you have noted. However, I find it hard to believe that this privilege can't be granted on a user-by-user basis as you would GRANT INSERT, DELETE... and so on.
I am also puzzled that I have the ability to perform this task from the phpMyAdmin utility provided with my hosting account.
Regards, Chris
----- Original Message -----
From: "Egor Egorov" <egor...@ensita.net>
To: <mys...@lists.mysql.com>
Sent: Tuesday, December 03, 2002 5:50 AM
Subject: re: Security issues with LOAD DATA
Chris, Tuesday, December 03, 2002, 6:58:39 AM, you wrote:
CW> I developed a PHP application where users can update a MySQL table using
CW> LOAD DATA. Recently I installed this application on another web server where
CW> the File Permissions have been set such that this method of uploading data
CW> is no longer valid. Since phpMyAdmin is not an option I am trying to find an
CW> alternative or workaround such that users can upload a comma delimited text
CW> file containing the table records.

If the user doesn't have the FILE privilege, you can use LOAD DATA LOCAL, but in this case you should enable something: http://www.mysql.com/doc/en/LOAD_DATA_LOCAL.html
--
For technical support contracts, go to https://order.mysql.com/?ref=ensita
This email is sponsored by Ensita.net http://www.ensita.net/
Egor Egorov, Egor...@ensita.net
MySQL AB / Ensita.net
www.mysql.com
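An added example, not part of the thread and not code from any poster: one workaround of the kind the original question asks for, in which the PHP application parses the uploaded comma-delimited file itself and inserts the rows through a prepared statement, so neither the FILE privilege nor LOAD DATA LOCAL is involved. The table name `test` comes from the post; the three-column layout, the function names, the sample rows and the connection placeholders are assumptions.

```php
<?php
// Added example. Assumptions: table `test` has three columns; sample rows are constructed.

/** Read ','-separated, '"'-enclosed records and reject any with the wrong field count. */
function read_rows($fh, int $cols): array
{
    $rows = [];
    // Note: fgetcsv does not decode MySQL escape sequences such as \N or \t,
    // so this only approximates the FIELDS ... ESCAPED BY '\\' clause of LOAD DATA.
    for ($n = 1; ($row = fgetcsv($fh, 0, ',', '"', '\\')) !== false; $n++) {
        if ($row === [null]) {
            continue;                     // fgetcsv returns [null] for a blank line
        }
        if (count($row) !== $cols) {
            throw new UnexpectedValueException("record $n: expected $cols fields");
        }
        $rows[] = $row;
    }
    return $rows;
}

/** Insert rows with one prepared statement; file content is bound as data only. */
function insert_rows(PDO $db, array $rows, int $cols): int
{
    $marks = implode(', ', array_fill(0, $cols, '?'));
    $stmt  = $db->prepare("INSERT INTO test VALUES ($marks)");
    foreach ($rows as $row) {
        $stmt->execute($row);
    }
    return count($rows);
}

// Constructed sample standing in for the uploaded temporary file from the post.
$fh = fopen('php://memory', 'w+b');
fwrite($fh, "1,\"Smith, J\",\"O'Brien\"\r\n\r\n2,\"Lee\",\"ok\"\r\n");
rewind($fh);
$rows = read_rows($fh, 3);
fclose($fh);
var_export($rows);   // two records; the quoted comma and the apostrophe stay plain data

// With a real connection (DSN, user and password are placeholders):
// $db = new PDO('mysql:host=localhost;dbname=DBNAME', 'USER', 'PASSWORD',
//               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// insert_rows($db, $rows, 3);
```

In an upload handler, the file handle would come from the path in `$_FILES[...]['tmp_name']` after `is_uploaded_file()` confirms it is a genuine upload.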




