The LOAD DATA statement can load a
      file that is located on the server host, or it can load a file
      that is located on the client host when the
      LOCAL keyword is specified.
    
      There are two potential security issues with supporting the
      LOCAL version of LOAD
      DATA statements:
    
          The transfer of the file from the client host to the server
          host is initiated by the MySQL server. In theory, a patched
          server could be built that would tell the client program to
          transfer a file of the server's choosing rather than the file
          named by the client in the LOAD
          DATA statement. Such a server could access any file
          on the client host to which the client user has read access.
        
          In a Web environment where the clients are connecting from a
          Web server, a user could use
          LOAD DATA
          LOCAL to read any files that the Web server process
          has read access to (assuming that a user could run any command
          against the SQL server). In this environment, the client with
          respect to the MySQL server actually is the Web server, not
          the remote program being run by the user who connects to the
          Web server.
        
      To deal with these problems, we changed how
      LOAD DATA
      LOCAL is handled as of MySQL 3.23.49 and MySQL 4.0.2
      (4.0.13 on Windows):
    
          By default, all MySQL clients and libraries in binary
          distributions are compiled with the
          --enable-local-infile option, to be
          compatible with MySQL 3.23.48 and before.
        
          If you build MySQL from source but do not invoke
          configure with the
          --enable-local-infile option,
          LOAD DATA
          LOCAL cannot be used by any client unless it is
          written explicitly to invoke
          mysql_options(...
          MYSQL_OPT_LOCAL_INFILE, 0). See
          mysql_options().
        
          You can disable all
          LOAD DATA
          LOCAL commands from the server side by starting
          mysqld with the
          --local-infile=0 option.
        
          For the mysql command-line client, enable
          LOAD DATA
          LOCAL by specifying the
          --local-infile[=1] option, or
          disable it with the
          --local-infile=0 option. For
          mysqlimport, local data file loading is off
          by default; enable it with the
          --local or
          -L option. In any case, a local load
          operation succeeds only if the server is also configured to
          permit it.
        
          If you use LOAD
          DATA LOCAL in Perl scripts or other programs that
          read the [client] group from option files,
          you can add the local-infile=1 option to
          that group. However, to keep this from causing problems for
          programs that do not understand
          local-infile, specify it using the
          loose- prefix:
        
[client]
loose-local-infile=1
          If LOAD DATA
          LOCAL is disabled, either in the server or the
          client, a client that attempts to issue such a statement
          receives the following error message:
        
ERROR 1148: The used command is not allowed with this MySQL version
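A defender-side check for the settings described above, as an added example that is not part of the MySQL manual: it reads option-file text and reports, per group, whether local-infile is enabled, disabled or unset, honoring the loose- prefix and the bare local-infile form. The audited groups, the sample file and the choice to treat any value other than 0/off/false as enabled are assumptions of this example.

```python
import re

# Option groups audited here; the selection is this example's assumption.
GROUPS = ("mysqld", "client", "mysql")
OFF_VALUES = {"0", "off", "false"}

# Constructed sample option file, not taken from a real host.
SAMPLE = """
[mysqld]
local-infile=0          # server refuses LOAD DATA LOCAL
[client]
loose-local-infile=1    # ignored by programs that do not know the option
[mysql]
skip-local-infile
"""

def audit_local_infile(option_file_text):
    """Return {group: 'enabled' | 'disabled' | 'unset'} for GROUPS."""
    state = dict.fromkeys(GROUPS, "unset")
    group = None
    for raw in option_file_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line[0] == ";":
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            group = header.group(1).lower()
            continue
        if group not in state:
            continue
        name, has_value, value = line.partition("=")
        name = name.strip().lower().replace("_", "-")
        if name.startswith("loose-"):            # loose- prefix from the text above
            name = name[len("loose-"):]
        negated = False
        for prefix in ("skip-", "disable-"):     # negated forms of a boolean option
            if name.startswith(prefix):
                name, negated = name[len(prefix):], True
        if name != "local-infile":
            continue
        # Bare "local-infile" means enabled; unknown values count as enabled
        # so that the audit errs on the side of reporting.
        on = not has_value or value.strip().lower() not in OFF_VALUES
        state[group] = "enabled" if on != negated else "disabled"  # last one wins
    return state

if __name__ == "__main__":
    for grp, status in audit_local_infile(SAMPLE).items():
        print(f"[{grp}] local-infile: {status}")
```

A group reported as unset falls back to the compiled-in default, which for the binary distributions described above means LOAD DATA LOCAL is available.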
MySQL Enterprise. 
        Security advisors notify subscribers to the MySQL Enterprise
        Monitor whenever a server is started with the
        --local-infile option enabled.
        For more information, see http://www.mysql.com/products/enterprise/advisors.html.
      

