Closed mirromutth closed 5 months ago
Hi, @jchrys @JohnNiang

In JDBC-MySQL, `allowLoadLocalInfileInPath` will work only if `allowLoadLocalInfile=false`. The `allowLoadLocalInfile` option means "allow `LOAD DATA LOCAL INFILE` and allow it to load file data from any path". It seems to be for historical reasons.

For example:

- `allowLoadLocalInfile=true` for allowed and unrestricted `LOCAL INFILE`
- `allowLoadLocalInfileInPath=/opt` for allowed and restricted `LOCAL INFILE`
- `allowLoadLocalInfile=true&allowLoadLocalInfileInPath=/opt` for allowed and UNRESTRICTED `LOCAL INFILE`, `allowLoadLocalInfileInPath` will be ignored

In my opinion, `r2dbc-mysql` should make `allowLoadLocalInfile` just mean "allow `LOAD DATA LOCAL INFILE`", and that can be restricted by `loadLocalInfileInPath`. Which means, `loadLocalInfileInPath` will work only if `allowLoadLocalInfile=true`, and all `LOCAL INFILE` can only read files in the path.

For example:

- `allowLoadLocalInfile=true` for allowed and unrestricted `LOCAL INFILE`
- `allowLoadLocalInfile=true&loadLocalInfileInPath=/opt` for allowed and restricted `LOCAL INFILE`
- `loadLocalInfileInPath=/opt`, `LOCAL INFILE` will not be allowed

This prevents users from accidentally setting up unrestricted file access.

Or we can make it the same as JDBC.

Any ideas?

I agree with your idea but would like to suggest a slightly different approach.

What if we consider not supporting the `allowLoadLocalInfile` property? (or keep (jdbc version of) `allowLoadLocalInfile = false`)

I think that the property `allowLoadLocalInfileInPath={path}` could effectively convey the user's intentions (`allowLoadLocalInfileInPath=/` for unrestricted case as well).

What are your thoughts on this?
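
The three readings of these options discussed in the two comments above, side by side, as an added example that is not r2dbc-mysql or Connector/J code. The enum names, the `Policy` record and the normalization-based path check are assumptions made for illustration, and the sample file paths are constructed.

```java
import java.nio.file.Path;

public class LocalInfilePolicyDemo {
    // Hypothetical names for the three semantics discussed in the thread.
    enum Semantics { JDBC, ISSUE_PROPOSAL, PATH_ONLY }

    // enabled == true with root == null means "any path".
    record Policy(boolean enabled, Path root) {
        boolean permits(String requested) {
            if (!enabled) return false;
            if (root == null) return true;
            // normalize() collapses ".." so /opt/../etc/passwd fails the check.
            // Assumption: a real check on existing files would also resolve
            // symlinks (Path.toRealPath()) before comparing.
            Path p = Path.of(requested).toAbsolutePath().normalize();
            return p.startsWith(root); // component-wise: /optional is not under /opt
        }
    }

    static Policy resolve(Semantics s, boolean allow, String inPath) {
        Path root = inPath == null ? null : Path.of(inPath).toAbsolutePath().normalize();
        switch (s) {
            case JDBC:           // allow=true wins and the path is ignored
                return allow ? new Policy(true, null) : new Policy(root != null, root);
            case ISSUE_PROPOSAL: // allow is the switch, the path only narrows it
                return new Policy(allow, allow ? root : null);
            default:             // PATH_ONLY: the path is the only switch, "/" means any path
                return new Policy(root != null, root);
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: {allowLoadLocalInfile, path option}.
        Object[][] configs = { {true, null}, {false, "/opt"}, {true, "/opt"} };
        String[] files = { "/opt/data/in.csv", "/opt/../etc/passwd", "/optional/in.csv" };
        for (Semantics s : Semantics.values()) {
            for (Object[] c : configs) {
                Policy p = resolve(s, (Boolean) c[0], (String) c[1]);
                StringBuilder row = new StringBuilder(s + " allow=" + c[0] + " path=" + c[1] + " ->");
                for (String f : files) row.append(' ').append(f).append('=').append(p.permits(f));
                System.out.println(row);
            }
        }
    }
}
```

The row to look for is `JDBC allow=true path=/opt`, where every file is permitted even though a path was configured.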

Motivation:
Add `LOCAL INFILE` support. See also #206.

Modification:
- `SubsequenceClientMessage`
- `LocalInfileRequest`/`LocalInfileResponse` for text protocol
- `LOCAL INFILE` support, and it should be a string to specify "safety path"

Result:
Query `LOCAL INFILE` support.