Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support AllowLoadLocalInfile option #643

Closed
bgrainger opened this issue May 23, 2019 · 2 comments
Closed

Support AllowLoadLocalInfile option #643

bgrainger opened this issue May 23, 2019 · 2 comments
Assignees
@bgrainger
Labels
enhancement

Comments

@bgrainger
Copy link
Member

bgrainger commented May 23, 2019
edited
Loading

Connector/NET 8.0.16 added the AllowLoadLocalInfile connection string option:

Default: false
Disables (by default) or enables the server functionality to load the data local infile.

This clears (sets) the ProtocolCapabilities.LocalFiles bit in the initial handshake. It should also cause the client to reject any request (from the server) to load a local file.

This is a security precaution.

MySqlConnector already has a mitigation for this vulnerability: #334. However, it may still be best to follow the latest MySQL security guidance and offer defense in depth by adding this connection string option.
@bgrainger bgrainger mentioned this issue May 23, 2019
Closed
@bgrainger
Copy link
Member Author

The documentation should be updated for this and #610 at the same time.

@bgrainger bgrainger self-assigned this May 24, 2019
@bgrainger
Copy link
Member Author

Fixed in 0.55.0.

@bgrainger bgrainger mentioned this issue Aug 29, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bgrainger bgrainger

Labels
enhancement
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bgrainger