|
Posted by Ray in HK on June 27, 2005, 10:56 am
Please log in for more thread options Thank you so much , very detail explaination.
¼¶¼g...
> Ray in HK wrote:
> > What are the differences between LOAD DATA INFILE and LOAD DATA LOCAL
INFILE?
>
> LOAD DATA LOCAL INFILE reads a file that is on the machine where you are
> running the mysql client. For example, your PC. The file must be sent
> over the network to the MySQL server host.
>
> LOAD DATA INFILE reads a file that is already on the machine running the
> mysql server. For example, the server at your web hosting company.
>
> This is described on this web page:
> http://dev.mysql.com/doc/mysql/en/load-data.html
>
> > I found some web hosting company do not allow using LOAD DATA INFILE but
> > allow LOAD DATA LOCAL INFILE. The reason is for the sake of security.
What
> > does that mean ?
>
> There's no way in MySQL to limit _which_ files can be read with LOAD
> DATA INFILE; all files that are readable by the user id of the mysqld
> process on the server would be readable.
>
> You could use this command to read many file on the system that you
> wouldn't have access to read as a customer of a web hosting service, and
> then import the text from that file into a MySQL table.
>
> Then you'd write a simple CGI script to display the text stored in the
> MySQL database, thus allowing yourself (or the whole internet) to read
> system files or other information that the web hosting company doesn't
> want to be public.
>
> So it makes sense that a web hosting company would want to restrict
> access to LOAD DATA INFILE. However, I'm not sure how they're
> accomlishing this while permitting LOAD DATA LOCAL INFILE; there is only
> one GRANT privilege called "FILE" which permits or denies use of LOAD
> DATA INFILE and SELECT... INTO OUTFILE. There is nothing mentioned in
> the MySQL page http://dev.mysql.com/doc/mysql/en/grant.html to permit
> LOAD DATA LOCAL INFILE while denying LOAD DATA INFILE.
>
> Regards,
> Bill K.
| 
XML Sitemap