
MySQL client allows MySQL server to request any local file by default - jsiepkes
https://twitter.com/gwillem/status/1086275952915533828
======
iforgotpassword
I never worked on anything as complex as mysql, and I'm definitely not trying
to say "well durr hurr see you should use postgres since mysql is developed by
morons".

But how on earth do you end up with a design like that? I've done a lot of
network development, including file transfers, but never ended up in a
situation where I was like "uh, this is totally backwards and can easily be
exploited, but doing it the right way is an order of magnitude harder."
Imagine HTTP PUT would work that way.

I'd really love to learn how they ended up with this. The past has shown that
in _most_ cases there is an explanation that's at least somewhat
understandable.

