MySQL database instance ‘local_infile’ database flag should be set to ‘off’

Description

The MySQL database instance ‘local_infile’ flag controls server-side LOCAL capabilities for LOAD DATA statements. If permitted, clients can perform local data loading, which can be a security risk.

Remediation Steps

Google Cloud Console

• Navigate to Cloud SQL instances.

• Click on the Cloud SQL MySQL database instance name to go to the Overview page.

• Click EDIT and scroll down to the Flags section.

• Select ADD FLAG, choose the local_infile flag, and set the value to off.

• Click DONE.

gcloud CLI

• Set the local_infile database flag to off for each Cloud SQL MySQL database instance:

  • gcloud sql instances patch INSTANCE_NAME --database-flags local_infile=off

Documentation Links

Runtime

• MySQL security considerations for LOAD DATA LOCAL

• Cloud SQL configuring database flags

• CLI: gcloud sql instances patch