Information
The local_infile parameter dictates whether files located on the MySQL client's computer can be loaded or selected via LOAD DATA INFILE or SELECT local_file.
Rationale:
For MySQL client programs and connectors prior to 8.0.21, disabling local_infile reduces an attacker's ability to read sensitive files off the affected server via an SQL injection vulnerability.
Impact:
Disabling local_infile will impact the functionality of solutions that rely on it.
Solution
Upgrade all MySQL clients and connectors to 8.0.21 or higher.
Where local_infile is needed, the following changes further harden security:
On the client side, secure by:
Limiting the location from where data can be read using --load-data-local-dir.
mysql --local-infile=0 --load-data-local-dir=/my/local/data
Adding a TLS connection to assure server identity by requiring verification.
mysql --local-infile=0 --load-data-local-dir=/my/local/data --ssl-mode=VERIFY_IDENTITY
If local_infile is not in use, or if clients are not upgraded, add the following line to the [mysqld] section of the MySQL configuration file and restart the MySQL service:
local-infile=0
Default Value:
0 (OFF)
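One way to verify the [mysqld] setting from the Solution above, as an added example that is not part of the original benchmark text: the hypothetical shell function check_local_infile parses a MySQL option file and reports whether local-infile ends up disabled, enabled, or unset (server default applies). It assumes a single file; !include and !includedir directives are not followed, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit the [mysqld] section of a
# MySQL option file for the local-infile setting.
# check_local_infile is a hypothetical helper name.
check_local_infile() {
    awk '
        BEGIN { state = "unset" }
        /^[ \t]*([#;]|$)/ { next }            # comment-only or blank line
        /^[ \t]*\[/ {                         # section header, e.g. [mysqld]
            sect = tolower($0)
            sub(/^[ \t]*\[/, "", sect)
            sub(/\].*$/, "", sect)
            in_mysqld = (sect == "mysqld")
            next
        }
        in_mysqld {
            line = $0
            sub(/[ \t]*#.*$/, "", line)       # strip trailing comment
            n = index(line, "=")
            if (n) { key = substr(line, 1, n - 1); val = substr(line, n + 1) }
            else   { key = line; val = "" }
            gsub(/[ \t]/, "", key)
            gsub(/[ \t"]/, "", val)
            key = tolower(key); val = toupper(val)
            gsub(/_/, "-", key)               # local_infile == local-infile
            if (key == "local-infile") {
                # A bare option or any non-false value is treated as enabled.
                state = (val == "0" || val == "OFF" || val == "FALSE") ? "disabled" : "enabled"
            } else if (key == "skip-local-infile" || key == "disable-local-infile") {
                state = "disabled"
            }
            # No reset between lines: the last occurrence wins, as in MySQL.
        }
        END { print state }
    ' "$1"
}

# Constructed sample: the [client] value must not affect the server result.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[client]
local-infile=1
[mysqld]
local-infile=0
EOF
echo "local-infile in [mysqld]: $(check_local_infile "$sample")"
rm -f "$sample"
```

A result of "enabled" is the finding to remediate; "unset" means the server falls back to its built-in default.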