The LOAD DATA statement loads a data file into a table. LOAD DATA语句将数据文件加载到表中。The statement can load a file located on the server host, or, if the 该语句可以加载位于服务器主机上的文件,或者,如果指定了LOCAL keyword is specified, on the client host.LOCAL关键字,则可以加载位于客户端主机上。
The LOCAL version of LOAD DATA has two potential security issues:LOAD DATA的LOCAL版本有两个潜在的安全问题:
Because 由于LOAD DATA LOCAL is an SQL statement, parsing occurs on the server side, and transfer of the file from the client host to the server host is initiated by the MySQL server, which tells the client the file named in the statement. LOAD DATA LOCAL是一个SQL语句,解析发生在服务器端,文件从客户端主机到服务器主机的传输由MySQL服务器启动,MySQL服务器告诉客户端该语句中命名的文件。In theory, a patched server could tell the client program to transfer a file of the server's choosing rather than the file named in the statement. Such a server could access any file on the client host to which the client user has read access. 理论上,打补丁的服务器可以告诉客户端程序传输服务器选择的文件,而不是语句中指定的文件。这样的服务器可以访问客户端用户具有读取权限的客户端主机上的任何文件。(A patched server could in fact reply with a file-transfer request to any statement, not just (打补丁的服务器实际上可以用文件传输请求回复任何语句,而不仅仅是LOAD DATA LOCAL, so a more fundamental issue is that clients should not connect to untrusted servers.)LOAD DATA LOCAL,因此一个更根本的问题是客户端不应该连接到不受信任的服务器。)
In a Web environment where the clients are connecting from a Web server, a user could use 在客户端从Web服务器连接的Web环境中,用户可以使用LOAD DATA LOCAL to read any files that the Web server process has read access to (assuming that a user could run any statement against the SQL server). LOAD DATA LOCAL读取Web服务器进程具有读取权限的任何文件(假设用户可以对SQL服务器运行任何语句)。In this environment, the client with respect to the MySQL server actually is the Web server, not a remote program being run by users who connect to the Web server.在这种环境中,MySQL服务器的客户端实际上是Web服务器,而不是由连接到Web服务器的用户运行的远程程序。
To avoid connecting to untrusted servers, clients can establish a secure connection and verify the server identity by connecting using the 为了避免连接到不受信任的服务器,客户端可以建立安全连接,并通过使用--ssl-mode=VERIFY_IDENTITY option and the appropriate CA certificate.--ssl mode=verify_identity选项和相应的CA证书进行连接来验证服务器身份。
To avoid 为了避免LOAD DATA issues, clients should avoid using LOCAL unless proper client-side precautions have been taken.LOAD DATA问题,除非采取了适当的客户端预防措施,否则客户端应避免使用LOCAL。
For control over local data loading, MySQL permits the capability to be enabled or disabled. In addition, as of MySQL 8.0.21, MySQL enables clients to restrict local data loading operations to files located in a designated directory.为了控制本地数据加载,MySQL允许启用或禁用该功能。此外,从MySQL 8.0.21开始,MySQL允许客户端将本地数据加载操作限制在指定目录中的文件上。
Adminstrators and applications can configure whether to permit local data loading as follows:管理员和应用程序可以配置是否允许本地数据加载,如下所示:
On the server side:在服务器端:
The local_infile system variable controls server-side LOCAL capability. local_infile系统变量控一致性务器端的LOCAL功能。Depending on the 根据local_infile setting, the server refuses or permits local data loading by clients that request local data loading.local_infile设置,服务器拒绝或允许请求本地数据加载的客户端加载本地数据。
By default, 默认情况下,local_infile is disabled. local_infile是禁用的。To explicitly cause the server to refuse or permit 要明确地使服务器拒绝或允许LOAD DATA LOCAL statements (regardless of how client programs and libraries are configured at build time or runtime), start mysqld with local_infile disabled or enabled. LOAD DATA LOCAL语句(无论客户端程序和库在构建时或运行时是如何配置的),请在禁用或启用local_infile的情况下启动mysqld。local_infile can also be set at runtime.local_infile也可以在运行时设置。
On the client side:在客户端:
The ENABLED_LOCAL_INFILE CMake option controls the compiled-in default LOCAL capability for the MySQL client library (see Section 2.9.7, “MySQL Source-Configuration Options”). ENABLED_LOCAL_INFILE CMake选项控制MySQL客户端库的默认LOCAL编译功能(请参阅第2.9.7节,“MySQL源配置选项”)。Clients that make no explicit arrangements therefore have 因此,没有明确安排的客户端根据MySQL构建时指定的LOCAL capability disabled or enabled according to the ENABLED_LOCAL_INFILE setting specified at MySQL build time.ENABLED_LOCAL_INFILE设置禁用或启用了LOCAL功能。
By default, the client library in MySQL binary distributions is compiled with 默认情况下,MySQL二进制发行版中的客户端库在编译时禁用了ENABLED_LOCAL_INFILE disabled. ENABLED_LOCAL_INFILE。If you compile MySQL from source, configure it with 如果从源代码编译MySQL,请根据没有明确安排的客户端是否应禁用或启用本地功能,将其配置为禁用或启用ENABLED_LOCAL_INFILE disabled or enabled based on whether clients that make no explicit arrangements should have LOCAL capability disabled or enabled.ENABLED_LOCAL_INFILE。
For client programs that use the C API, local data loading capability is determined by the default compiled into the MySQL client library. 对于使用C API的客户端程序,本地数据加载能力由编译到MySQL客户端库的默认值决定。To enable or disable it explicitly, invoke the 要显式启用或禁用它,请调用mysql_options() C API function to disable or enable the MYSQL_OPT_LOCAL_INFILE option. mysql_options()C API函数以禁用或启用MYSQL_OPT_LOCAL_INFILE选项。See mysql_options().请参阅mysql_options()。
For the mysql client, local data loading capability is determined by the default compiled into the MySQL client library. 对于mysql客户端,本地数据加载能力由编译到mysql客户端库中的默认值决定。To disable or enable it explicitly, use the 要显式禁用或启用它,请使用--local-infile=0 or --local-infile[=1] option.--local-infile=0或--local infile[=1]选项。
For the mysqlimport client, local data loading is not used by default. 对于mysqlimport客户端,默认情况下不使用本地数据加载。To disable or enable it explicitly, use the 要显式禁用或启用它,请使用--local=0 or --local[=1] option.--local=0或--local[=1]选项。
If you use 如果在Perl脚本或其他从选项文件读取LOAD DATA LOCAL in Perl scripts or other programs that read the [client] group from option files, you can add a local-infile option setting to that group.[client]组的程序中使用LOAD DATA LOCAL,则可以向该组添加local-infile选项设置。 To prevent problems for programs that do not understand this option, specify it using the 为了防止不理解此选项的程序出现问题,请使用loose- prefix:loose-前缀指定它:
[client] loose-local-infile=0
or:或者:
[client] loose-local-infile=1
In all cases, successful use of a 在所有情况下,客户端成功使用LOCAL load operation by a client also requires that the server permits local loading.LOCAL加载操作还需要服务器允许本地加载。
If 如果在服务器或客户端禁用了LOCAL capability is disabled, on either the server or client side, a client that attempts to issue a LOAD DATA LOCAL statement receives the following error message:LOCAL功能,则尝试发出LOAD DATA LOCAL语句的客户端将收到以下错误消息:
ERROR 3950 (42000): Loading local data is disabled; this must be enabled on both the client and server side
As of MySQL 8.0.21, the MySQL client library enables client applications to restrict local data loading operations to files located in a designated directory. Certain MySQL client programs take advantage of this capability.从MySQL 8.0.21开始,MySQL客户端库使客户端应用程序能够将本地数据加载操作限制在指定目录中的文件上。某些MySQL客户端程序利用了这一功能。
Client programs that use the C API can control which files to permit for load data loading using the 使用C API的客户端程序可以使用MYSQL_OPT_LOCAL_INFILE and MYSQL_OPT_LOAD_DATA_LOCAL_DIR options of the mysql_options() C API function (see mysql_options()).MYSQL_options()C API函数的MYSQL_OPT_LOCAL_INFILE和MYSQL_OPT_load_data_LOCAL_DIR选项控制允许加载数据的文件(请参见mysql_options())。
The effect of MYSQL_OPT_LOAD_DATA_LOCAL_DIR depends on whether LOCAL data loading is enabled or disabled:MYDateTimeOPT_LOAD_DATA_LOCAL_DIR的效果取决于本地数据加载是启用还是禁用:
If 如果在MySQL客户端库中默认启用了LOCAL data loading is enabled, either by default in the MySQL client library or by explicitly enabling MYSQL_OPT_LOCAL_INFILE, the MYSQL_OPT_LOAD_DATA_LOCAL_DIR option has no effect.LOCAL数据加载,或者通过显式启用MYSQL_OPT_LOCAL_INFILE来启用LOCAL数据装载,则MYSQL_OPT_LOAD_DATA_LOCAL_DIR选项无效。
If 如果LOCAL data loading is disabled, either by default in the MySQL client library or by explicitly disabling MYSQL_OPT_LOCAL_INFILE, the MYSQL_OPT_LOAD_DATA_LOCAL_DIR option can be used to designate a permitted directory for locally loaded files. LOCAL数据加载被禁用,无论是在MySQL客户端库中默认禁用,还是通过显式禁用MYSQL_OPT_LOCAL_INFILE,都可以使用MYSQL_OPT_LOAD_DATA_LOCAL_DIR选项为本地加载的文件指定一个允许的目录。In this case, 在这种情况下,允许加载LOCAL data loading is permitted but restricted to files located in the designated directory. Interpretation of the MYSQL_OPT_LOAD_DATA_LOCAL_DIR value is as follows:LOCAL数据,但仅限于位于指定目录中的文件。MYSQL_OPT_LOAD_DATA_LOCAL_DIR值的解释如下:
If the value is the null pointer (the default), it names no directory, with the result that no files are permitted for 如果该值是空游标(默认值),则不命名目录,结果是不允许加载LOCAL data loading.LOCAL数据的文件。
If the value is a directory path name, 如果该值是目录路径名,则允许加载LOCAL data loading is permitted but restricted to files located in the named directory. LOCAL数据,但仅限于位于指定目录中的文件。Comparison of the directory path name and the path name of files to be loaded is case-sensitive regardless of the case sensitivity of the underlying file system.无论底层文件系统的大小写敏感性如何,目录路径名和要加载的文件的路径名的比较都是区分大小写的。
MySQL client programs use the preceding MySQL客户端程序使用前面的mysql_options() options as follows:MySQL_options()选项,如下所示:
The mysql client has a mysql客户端有一个--load-data-local-dir option that takes a directory path or an empty string. --load-data-local-dir选项,它接受目录路径或空字符串。mysql uses the option value to set the mysql使用选项值来设置MYSQL_OPT_LOAD_DATA_LOCAL_DIR option (with an empty string setting the value to the null pointer). MYSQL_OPT_LOAD_DATA_LOCAL_DIR选项(用空字符串将值设置为空游标)。The effect of --load-data-local-dir depends on whether LOCAL data loading is enabled:--load-data-local-dir的效果取决于是否启用了LOCAL数据加载:
If 如果默认情况下在MySQL客户端库中或通过指定LOCAL data loading is enabled, either by default in the MySQL client library or by specifying --local-infile[=1], the --load-data-local-dir option is ignored.--local-infile[=1]启用了LOCAL数据加载,则--load-data-local-dir选项将被忽略。
If 如果MySQL客户端库中默认或通过指定LOCAL data loading is disabled, either by default in the MySQL client library or by specifying --local-infile=0, the --load-data-local-dir option applies.--local-infile=0禁用LOCAL数据加载,则应用--load-data-local-dir选项。
When 当应用--load-data-local-dir applies, the option value designates the directory in which local data files must be located. --load-data-local-dir时,选项值指定本地数据文件必须位于其中的目录。Comparison of the directory path name and the path name of files to be loaded is case-sensitive regardless of the case sensitivity of the underlying file system. 无论底层文件系统的大小写敏感性如何,目录路径名和要加载的文件的路径名的比较都是区分大小写的。If the option value is the empty string, it names no directory, with the result that no files are permitted for local data loading.如果选项值为空字符串,则不命名目录,结果是不允许本地数据加载任何文件。
mysqlimport sets mysqlimport为它处理的每个文件设置MYSQL_OPT_LOAD_DATA_LOCAL_DIR for each file that it processes so that the directory containing the file is the permitted local loading directory.MYSQL_OPT_LOAD_DATA_LOCAL_DIR,以便包含该文件的目录是允许的本地加载目录。
For data loading operations corresponding to 对于与LOAD DATA statements, mysqlbinlog extracts the files from the binary log events, writes them as temporary files to the local file system, and writes LOAD DATA LOCAL statements to cause the files to be loaded. LOAD DATA语句对应的数据加载操作,mysqlbinlog从二进制日志事件中提取文件,将它们作为临时文件写入本地文件系统,并写入LOAD DATA LOCAL语句以加载文件。By default, mysqlbinlog writes these temporary files to an operating system-specific directory. 默认情况下,mysqlbinlog会将这些临时文件写入操作系统特定的目录。The --local-load option can be used to explicitly specify the directory where mysqlbinlog should prepare local temporary files.--local-load选项可用于显式指定mysqlbinlog应在其中准备本地临时文件的目录。
Because other processes can write files to the default system-specific directory, it is advisable to specify the 因为其他进程可以将文件写入默认的系统特定目录,所以建议在mysqlbinlog中指定--local-load option to mysqlbinlog to designate a different directory for data files, and then designate that same directory by specifying the --load-data-local-dir option to mysql when processing the output from mysqlbinlog.--local-load选项,为数据文件指定一个不同的目录,然后在处理mysqlbinlog的输出时,通过在mysql中指定--load-data-local-dir选项来指定同一个目录。
MySQL Shell provides a number of utilities to dump tables, schemas, or server instances and load them into other instances. MySQL Shell提供了许多实用程序来转储表、模式或服务器实例,并将其加载到其他实例中。When you use these utilities to handle the data, MySQL Shell provides additional functions such as input preprocessing, multithreaded parallel loading, file compression and decompression, and handling access to Oracle Cloud Infrastructure Object Storage buckets. 当您使用这些实用程序处理数据时,MySQL Shell提供了其他功能,如输入预处理、多线程并行加载、文件压缩和解压缩,以及处理对Oracle云基础设施对象存储桶的访问。To get the best functionality, always use the most recent version available of MySQL Shell's dump and dump loading utilities.为了获得最佳功能,请始终使用MySQL Shell的转储和转储加载实用程序的最新版本。
MySQL Shell's data upload utilities use MySQL Shell的数据上传实用程序使用LOAD DATA LOCAL INFILE statements to upload data, so the local_infile system variable must be set to ON on the target server instance. LOAD data LOCAL INFILE语句上传数据,因此目标服务器实例上的local_infile系统变量必须设置为ON。You can do this before uploading the data, and remove it again afterwards. The utilities handle the file transfer requests safely to deal with the security considerations discussed in this topic.您可以在上传数据之前执行此操作,然后再将其删除。这些实用程序安全地处理文件传输请求,以解决本主题中讨论的安全问题。
MySQL Shell includes these dump and dump loading utilities:MySQL Shell包括以下转储和转储加载实用程序:
util.exportTable()util.exportTable()
Exports a MySQL relational table into a data file, which can be uploaded to a MySQL server instance using MySQL Shell's parallel table import utility, imported to a different application, or used as a logical backup. The utility has preset options and customization options to produce different output formats.将MySQL关系表导出到数据文件中,该文件可以使用MySQL Shell的并行表导入实用程序上传到MySQL服务器实例,导入到其他应用程序,或用作逻辑备份。该实用程序具有预设选项和自定义选项,可生成不同的输出格式。
util.importTable()util.importTable()
Inports a data file to a MySQL relational table. The data file can be the output from MySQL Shell's table export utility or another format supported by the utility's preset and customization options. 将数据文件导入MySQL关系表。数据文件可以是MySQL Shell的表导出实用程序的输出,也可以是该实用程序的预设和自定义选项支持的其他格式。The utility can carry out input preprocessing before adding the data to the table. It can accept multiple data files to merge into a single relational table, and automatically decompresses compressed files.该实用程序可以在将数据添加到表之前进行输入预处理。它可以接受多个数据文件合并到一个关系表中,并自动解压缩压缩文件。
util.dumpInstance(), schema dump utility
util.dumpSchemas(), and table dump
utility util.dumpTables()util.dumpInstance()、模式转储实用程序util.dumpSchemas()和表转储实用程序util.dumpTables()
Export an instance, schema, or table to a set of dump files, which can then be uploaded to a MySQL instance using MySQL Shell's dump loading utility. 将实例、模式或表导出到一组转储文件,然后可以使用MySQL Shell的转储加载实用程序将其上传到MySQL实例。The utilities provide Oracle Cloud Infrastructure Object Storage streaming, MySQL Database Service compatibility checks and modifications, and the ability to carry out a dry run to identify issues before proceeding with the dump.这些实用程序提供Oracle云基础设施对象存储流、MySQL数据库服务兼容性检查和修改,以及在继续转储之前进行模拟运行以识别问题的能力。
util.loadDump()util.loadDump()
Import dump files created using MySQL Shell's instance, schema, or table dump utility into a MySQL Database Service DB System or a MySQL Server instance. 将使用MySQL Shell的实例、模式或表转储实用程序创建的转储文件导入MySQL数据库服务数据库系统或MySQL服务器实例。The utility manages the upload process and provides data streaming from remote storage, parallel loading of tables or table chunks, progress state tracking, resume and reset capability, and the option of concurrent loading while the dump is still taking place. 该实用程序管理上传过程,并提供来自远程存储的数据流、表或表块的并行加载、进度状态跟踪、恢复和重置功能,以及在转储仍在进行时并发加载的选项。MySQL Shell’s parallel table import utility can be used in combination with the dump loading utility to modify data before uploading it to the target MySQL instance.MySQL Shell的并行表导入实用程序可以与转储加载实用程序结合使用,在将数据上传到目标MySQL实例之前对其进行修改。
For details of the utilities, see MySQL Shell Utilities.有关实用程序的详细信息,请参阅MySQL Shell实用程序。