I understand that users must have FILE
privilege on *.*
in order to use the LOAD DATA INFILE
command without using LOCAL
—which sends the file data through the client—but when GRANT
ing FILE
privilege to a MySQL user, how can you restrict the directories from which a user can load data from (similar to secure_file_priv
, but user-specific)?
What is best-practice in this regard? To simply force users to use the LOCAL
keyword and sacrifice a little performance for security, or grant FILE
privilege to database users?