MySQL 5.6 Reference Manual Including MySQL NDB Cluster 7.3-7.4 Reference Guide

6.1.6 Security Considerations for LOAD DATA LOCAL

The LOAD DATA statement loads a data file into a table. The statement can load a file located on the server host, or, if the LOCAL keyword is specified, on the client host.

The LOCAL version of LOAD DATA has two potential security issues:

To avoid connecting to untrusted servers, clients can establish a secure connection and verify the server identity by connecting using the --ssl-verify-server-cert option and the appropriate CA certificate.

To avoid LOAD DATA issues, clients should avoid using LOCAL.

Adminstrators and applications can configure whether to permit local data loading as follows:

If LOCAL capability is disabled, on either the server or client side, a client that attempts to issue a LOAD DATA LOCAL statement receives the following error message:

ERROR 1148: The used command is not allowed with this MySQL version