`local_infile`

CRITICALOK

Rule IDs: sec_003, sec_010

Overview

Purpose: Documented in the MySQL 8.4 manual as a server system variable (scope: Global). Purpose and semantics are described at the linked manual page.
Dynamic (MySQL 8.4 reference): MySQL 8.4 marks this variable as dynamic (Dynamic = Yes). Runtime changes use SET GLOBAL (global scope) or SET SESSION (session scope) — confirm syntax and persistence (SET PERSIST) in the manual.
Default value: OFF (MySQL 8.4)
Version and product notes: MariaDB and Percona Server may use different names, defaults, or dynamic behavior; verify their documentation.
Documentation: https://dev.mysql.com/doc/refman/8.4/en/server-system-variables.html#sysvar_local_infile
Other vendors: MariaDB KB Percona Docs

What is checked

Rules that reference this variable, with their severity and what each rule detects:

CRITICAL sec_003: Disable local_infile=OFF. This is a well-known security risk that can expose server files.
OK sec_010: Positive check — confirms configuration meets expected thresholds.

Tuning guidance

Recommended actions:
- Disable local_infile=OFF. This is a well-known security risk that can expose server files.
Trade-offs: Security settings protect against unauthorized access and data exposure. Tighter settings may require application changes (e.g., SSL certificates for require_secure_transport, IP-based grants for skip_name_resolve).

Example

SET GLOBAL local_infile = OFF; -- Security best practice

Always validate on a non-production instance first. Use SET PERSIST (MySQL 8.0+) for changes that should survive restarts.

Generated from the MySQL Advisor documentation build. Dynamic Yes/No reflects the excerpt aligned with Oracle MySQL 8.4 reference material consumed by this project.