Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase «««678910

How to call a batch file to execute from an SP Expand / Collapse
Author
Message
Posted Monday, April 8, 2013 9:30 PM
SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: Yesterday @ 4:39 PM
Points: 4,576, Visits: 8,342
opc.three (3/26/2013)
I absolutely do recommend alternatives to xp_cmdshell, namely PowerShell, SSIS, .NET, anything but xp_cmdshell.


I'm desperately want to know what kind of damage to the system can be done with xp_cmdshell but cannot be done with SSIS.
Considering same kind of security environment.

Someone was talking about clowns here....
Post #1440122
Posted Monday, April 8, 2013 10:08 PM
SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: Yesterday @ 4:39 PM
Points: 4,576, Visits: 8,342
opc.three (3/26/2013)
This from a guy that argues about the optimizer with Paul White...get a clue troll.


Who is Paul White?
The bearer of the ultimate knowledge?
Your local shiny little god?
/* Everyone, this has nothing to do with Paul White himself either personally or professionally */

Sorry to ruin your perfect universe - he is not.
He's just a person who happened to know something about mechanics od SQL, and that something is more than most of other users of this forum know about SQL Server.
Good for him. It earns a well deserved respect for him amongst the community. Well deserved.

But he still can be wrong.
And you witnessed him walking away from the discussion when I proved he's wrong.
Right here: http://www.sqlservercentral.com/Forums/FindPost1340341.aspx

Well, nobody is perfect. So what?

Take a tip.
Instead of soaking up whatever you pathetic local gods utter learn how to study matters, how to analize cases and get to proven conclusions.
When you've got it you'll be able to get some clue about how things actually work.
And then your opinion may be worth a penny or two.

But so far - you're a silly parrot looking at the mouths of you pathetic gods and mindlessly repeating whatever they say.
Well, silly parrots have their place too.
Good enough for some...
Post #1440130
Posted Monday, April 8, 2013 10:13 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 6:57 AM
Points: 7,084, Visits: 12,577
Yep, I remember that thread well...it's not the leaf level of the index that becomes fragmented, it's the mid-level pages because the clustering key is stored there. You were wrong then and you're wrong now. I guess you were not worth the time to respond. I am not sure why I am bothering at all with you.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Post #1440133
Posted Monday, April 8, 2013 10:32 PM
SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: Yesterday @ 4:39 PM
Points: 4,576, Visits: 8,342
Jeff Moden (3/27/2013)
Or, you could do what I've done. Work with the "team" to properly lock down the system and then use all of those tools as they were intended to be used.


Jeff,
I think the use of word "properly" is totally inappropriate here.
Disabling xp_cmdshell does not lock anything down at all.
So the system needs to be locked down somehow.

The biggest danger of having xp_cmdshell disabled (absolutely agree with you on this) is in letting inexperienced admins to feel that the security hole is patched.
So they do not need to work on resolving security issues in the server(s) environment.

In fact, anyone with SA privileges can access cmd shell regardless of the xp_cmdshell state.
Any moment they like.
And in totally undetectable manner (if they wish).
The door might look locked, but the key is in the keyhole, and there is no surveillance in place.

So it's much better to have it enabled and on every team meeting stress the necessity to properly configure access privileges of the account starting SQL Server.
When they see the door is open they (for some reason) much more attentive to what's behind the door than when it seems to be closed.
Post #1440137
Posted Monday, April 8, 2013 10:39 PM
SSCarpal Tunnel

SSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal TunnelSSCarpal Tunnel

Group: General Forum Members
Last Login: Yesterday @ 4:39 PM
Points: 4,576, Visits: 8,342
opc.three (4/8/2013)
Yep, I remember that thread well...it's not the leaf level of the index that becomes fragmented, it's the mid-level pages because the clustering key is stored there. You were wrong then and you're wrong now. I guess you were not worth the time to respond. I am not sure why I am bothering at all with you.


Blah, blah, blah.
Whatever.

Scripts, Change Control, leaf level - what other words did you hear from your shiny gods?
Post #1440141
Posted Monday, April 8, 2013 10:58 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 6:57 AM
Points: 7,084, Visits: 12,577
Sergiy (4/8/2013)
opc.three (4/8/2013)
Yep, I remember that thread well...it's not the leaf level of the index that becomes fragmented, it's the mid-level pages because the clustering key is stored there. You were wrong then and you're wrong now. I guess you were not worth the time to respond. I am not sure why I am bothering at all with you.


Blah, blah, blah.
Whatever.

Scripts, Change Control, leaf level - what other words did you hear from your shiny gods?

Really? That is what you came back with? I have been doing this a long time my friend. Do I read a lot of what the "shiny gods" produce, yes, some of them hang out on this site including Jeff. Do I work in the field a lot, yes. Do I take other people's mistakes into account before making a choice so I can avoid them, yes, all of the above. I am not sure what to even make of your shiny gods comment other than to dismiss it as you not having much else of use to respond with.

However, giving credit where credit is due, your post previous to this one was insightful and added to the conversation. So personally I will thank you for that. This last one though...not your best effort, Sergiy.


__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Post #1440144
Posted Sunday, April 14, 2013 9:49 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: General Forum Members
Last Login: Today @ 8:06 PM
Points: 36,785, Visits: 31,243
Sergiy (4/8/2013)
Jeff Moden (3/27/2013)
Or, you could do what I've done. Work with the "team" to properly lock down the system and then use all of those tools as they were intended to be used.


Jeff,
I think the use of word "properly" is totally inappropriate here.
Disabling xp_cmdshell does not lock anything down at all.
So the system needs to be locked down somehow.

The biggest danger of having xp_cmdshell disabled (absolutely agree with you on this) is in letting inexperienced admins to feel that the security hole is patched.
So they do not need to work on resolving security issues in the server(s) environment.

In fact, anyone with SA privileges can access cmd shell regardless of the xp_cmdshell state.
Any moment they like.
And in totally undetectable manner (if they wish).
The door might look locked, but the key is in the keyhole, and there is no surveillance in place.

So it's much better to have it enabled and on every team meeting stress the necessity to properly configure access privileges of the account starting SQL Server.
When they see the door is open they (for some reason) much more attentive to what's behind the door than when it seems to be closed.


Sorry... not sure how I missed this reply. I agree 100% and it's what I've been stressing almost word for word. It's nice to see that I'm not the only person in the world that thinks this way. Thanks, Sergiy.


--Jeff Moden
"RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".

First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."

(play on words) "Just because you CAN do something in T-SQL, doesn't mean you SHOULDN'T." --22 Aug 2013

Helpful Links:
How to post code problems
How to post performance problems
Post #1442159
« Prev Topic | Next Topic »

Add to briefcase «««678910

Permissions Expand / Collapse