Ray in HK wrote:
What are the differences between LOAD DATA INFILE and LOAD DATA LOCAL INFILE?
LOAD DATA LOCAL INFILE reads a file that is on the machine where you are
running the mysql client. For example, your PC. The file must be sent
over the network to the MySQL server host.
LOAD DATA INFILE reads a file that is already on the machine running the
mysql server. For example, the server at your web hosting company.
This is described on this web page:
http://dev.mysql.com/doc/mysql/en/load-data.html
I found some web hosting company do not allow using LOAD DATA INFILE but
allow LOAD DATA LOCAL INFILE. The reason is for the sake of security. What
does that mean ?
There's no way in MySQL to limit _which_ files can be read with LOAD
DATA INFILE; all files that are readable by the user id of the mysqld
process on the server would be readable.
You could use this command to read many file on the system that you
wouldn't have access to read as a customer of a web hosting service, and
then import the text from that file into a MySQL table.
Then you'd write a simple CGI script to display the text stored in the
MySQL database, thus allowing yourself (or the whole internet) to read
system files or other information that the web hosting company doesn't
want to be public.
So it makes sense that a web hosting company would want to restrict
access to LOAD DATA INFILE. However, I'm not sure how they're
accomlishing this while permitting LOAD DATA LOCAL INFILE; there is only
one GRANT privilege called "FILE" which permits or denies use of LOAD
DATA INFILE and SELECT... INTO OUTFILE. There is nothing mentioned in
the MySQL page
http://dev.mysql.com/doc/mysql/en/grant.html to permit
LOAD DATA LOCAL INFILE while denying LOAD DATA INFILE.
Regards,
Bill K.