Jump to content


security issues LOAD DATA INFILE

  • Please log in to reply
1 reply to this topic

#1 rupertthebear

  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 22 February 2006 - 07:35 AM

I am a wamp newbie hoping to be able to build some inter-related mysql tables using LOAD DATA INFILE statements that refer to text files built and temporarily saved by PHP code on a web server. All works fine on my wamp - but the files are not picked up by the LOAD DATA INFILE statements in a similar experiment on my web domain.

I assume I cannot access the MySQL folders (to save my text files there) and I am told I need File permissions to my public_html folder (in order to save the text files there so that the LOAD DATA INFILE statement can pick it up).

And File permissions on the public_html folder has serious security implications. What are these implications - can my PHP script be read to see the MySQL username and password in a mysql_connect() statement? Can nasty files be saved by others on my public_html folder?

Hope this is the right forum to ask about this.

#2 fenway

  • Staff Alumni
  • MySQL Si-Fu / PHP Resident Alien
  • 16,199 posts
  • LocationToronto, ON

Posted 22 February 2006 - 08:04 AM

The security risk does have to do with the files being in the mysql data directory itself. However, if you use LOAD DATA LOCAL INFILE, you can put the file wherever you want, and there's no issue.
Seriously... if people don't start reading this before posting, I'm going to consider not answering at all.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users