In cloud environments or other secure environments, you may want to lock your database down, allowing or disallowing certain grants or capabilities outside the database. One potential security issue is the use of LOAD DATA INFO and SELECT INTO OUTFILE, depending on what files that exist in directories the MySQL server has access to, or even if you have concerns with any database user ever having any access to the file system outside of the database. A few months ago, with version 5.5-25a-27.1, Percona extended this security feature so that you can disable LOAD DATA INFILE and SELECT INTO OUTFILE, simply called "secure-file-priv". This feature is extremely easy to use-- simply specify it in your my.cnf. You can set it a number of ways:
For instance, if you wanted to limit LOAD DATA INFILE or SELECT INTO OUTFILE to /var/tmp:
secure-file-priv = /var/tmp
Or if you wanted to disable it completely, specify no argument
secure-file-priv
The result of when a user tries to run either would be:
mysql> select * into outfile '/home/mydir/' t1.txt from t1;
ERROR 1290 (HY000): The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
PlanetMySQL Voting: Vote UP / Vote DOWN
For instance, if you wanted to limit LOAD DATA INFILE or SELECT INTO OUTFILE to /var/tmp:
secure-file-priv = /var/tmp
Or if you wanted to disable it completely, specify no argument
secure-file-priv
The result of when a user tries to run either would be:
mysql> select * into outfile '/home/mydir/' t1.txt from t1;
ERROR 1290 (HY000): The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
PlanetMySQL Voting: Vote UP / Vote DOWN