Connector/NET 8.0.16 added the AllowLoadLocalInfile connection string option:
Default: false
Disables (by default) or enables the server functionality to load the data local infile.
This clears (sets) the ProtocolCapabilities.LocalFiles bit in the initial handshake. It should also cause the client to reject any request (from the server) to load a local file.
This is a security precaution.
MySqlConnector already has a mitigation for this vulnerability: #334. However, it may still be best to follow the latest MySQL security guidance and offer defense in depth by adding this connection string option.
Connector/NET 8.0.16 added the
AllowLoadLocalInfileconnection string option:This clears (sets) the
ProtocolCapabilities.LocalFilesbit in the initial handshake. It should also cause the client to reject any request (from the server) to load a local file.This is a security precaution.
MySqlConnector already has a mitigation for this vulnerability: #334. However, it may still be best to follow the latest MySQL security guidance and offer defense in depth by adding this connection string option.