Understanding secure_file_priv in MySQL Security

The secure_file_priv server variable is a critical security feature in MySQL that controls the directory paths from which data can be imported or exported. This article explains the significance of secure_file_priv in protecting database servers from unauthorized file access, details its three operational states, and outlines how it prevents malicious exploits such as SQL injection and directory traversal attacks.

What is secure_file_priv?

In MySQL, users can import data from external files into tables using the LOAD DATA INFILE statement, or export query results to the server’s file system using the SELECT ... INTO OUTFILE statement.

Without restrictions, these operations pose a massive security risk. The secure_file_priv system variable mitigates this risk by limiting the effect of data import and export operations to a specific, designated directory on the server.

The Three Configuration States

The secure_file_priv variable can be configured in one of three ways, each carrying different security implications:

Why secure_file_priv is Crucial for Data Security

1. Mitigation of SQL Injection Exploits

SQL injection (SQLi) is one of the most common database vulnerabilities. If an attacker successfully injects SQL commands into an application, they could attempt to read sensitive operating system files (such as /etc/passwd or configuration files) using the LOAD_FILE() function. Alternatively, they might attempt to write a malicious script, such as a PHP web shell, to the web server’s root directory using INTO OUTFILE. Properly configuring secure_file_priv prevents these actions by strictly blocking file operations outside the designated folder, even if an attacker gains administrative database access.

2. Prevention of Directory Traversal

By locking file operations to a specific directory, secure_file_priv prevents directory traversal attacks. Users cannot use relative paths (like ../../) to navigate out of the permitted directory to access or overwrite system-critical files.

3. Separation of Duties and Operating System Isolation

Restricting file exports to a dedicated directory allows system administrators to implement strict Operating System (OS) permissions. Administrators can restrict access to the export folder so that only authorized system users or automated scripts can retrieve the exported data, preventing unauthorized local users from viewing sensitive database dumps.

Checking and Configuring secure_file_priv

To check the current status of the variable on your MySQL server, execute the following SQL command:

SHOW VARIABLES LIKE 'secure_file_priv';

To modify this variable, you must edit the MySQL configuration file (my.cnf on Linux or my.ini on Windows) under the [mysqld] section:

[mysqld]
secure_file_priv="/var/lib/mysql-files"

Because secure_file_priv is a read-only variable at runtime, any changes made to the configuration file require a restart of the MySQL service to take effect.