How to disable LOCAL INFILE in MySql 5.5 Ubuntu 12.04
From MySQL Docs for load_file reference, it can be seen that load_file is MySQL function that returns content of the file as string. It does nothing more than that. It has nothing to do with local_infile.
For security purpose, from same docs:
If the secure_file_priv system variable is set to a nonempty directory name, the file to be loaded must be located in that directory.
So if you set the system variable "secure_file_priv", then file has to be present in that particular directory. Moreover, user requires File level privileges to execute this statement. Simply do not give file level privileges to your users who are accessing database, if you want it to be secured.
Further local-infile is for LOAD DATA statements, which loads data into table, thereby affecting tables. It has nothing to do with load_file() function.
Related videos on Youtube
FoREacH
Updated on September 18, 2022Comments
-
FoREacH over 1 year
Cannot disable LOCAL INFILE ( for security reasons ) in mysql Ver 14.14 Distrib 5.5.25a, for debian-linux-gnu (i686) using readline 6.2 on ubuntu 12.04; Here is my /etc/mysql/my.cnf
[client] port = 3306 socket = /var/run/mysqld/mysqld.sock loose-local-infile=0 local-infile=0 [mysqld_safe] socket = /var/run/mysqld/mysqld.sock nice = 0 [mysqld] local-infile=0 user = mysql pid-file = /var/run/mysqld/mysqld.pid socket = /var/run/mysqld/mysqld.sock port = 3306 basedir = /usr datadir = /var/lib/mysql tmpdir = /tmp lc-messages-dir = /usr/share/mysql skip-external-locking
I do
sudo /etc/init.d/mysql restart mysql -u root -p mysql> SELECT load_file("/etc/passwd");
And it shows me my /etc/passwd content. So it didn't work.
-
Admin over 11 yearsbefore firing your select query, try the statement "show variables like "load_infile"" and check if your change has taken effect or not.
-
Admin over 11 yearsSHOW VARIABLES shows | local_infile | OFF
-
Admin over 11 yearsLOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE table1 -> ; ERROR 1148 (42000): The used command is not allowed with this MySQL version ===> ALL WORKS, but SELECT load_file("/etc/passwd"); loads file !
-
Admin over 11 yearsThis belongs on Ask Ubuntu.
-