Why PowerShell?
Posted Friday, April 26, 2013 10:32 AM


SSCertifiable
Group: General Forum Members
Last Login: Yesterday @ 8:04 PM
Points: 7,141, Visits: 12,768
Sergiy (4/26/2013)
opc.three (4/26/2013)
PowerShell has security scaffolding in place


You might be surprised - but SQL Server has it too.

And cowboy developers may (most certainly will) ignore that scaffolding in PowerShell as well as they do it in SQL Server.

Unless a professional admin (DBA in case of SQL Server) will force them to use it.

Look Sergiy, I am well aware of what is available in SQL Server in terms of Security scaffolding and I am sure we could have a great conversation about the virtues of relying too heavily on any one area of a system, or one group of personnel acting within a system, to ensure a system (i.e. an entire environment) is secure. Save your condescending comments for someone else.


__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Post #1447094
Posted Friday, April 26, 2013 8:39 PM


SSC-Dedicated
Group: General Forum Members
Last Login: Today @ 4:23 PM
Points: 35,821, Visits: 32,494
opc.three (4/26/2013)
Sergiy (4/26/2013)
opc.three (4/26/2013)
A stand-alone PowerShell prompt on Homer's machine does not offer much over a stand-alone CmdShell prompt on Homer's machine in the way of added security, only in functionality. Both shells are running as Homer, from Homer's machine IP so actions from both are subject to OS level auditing under his username -and- network level auditing under his username and IP address. When Homer accesses a cmd shell prompt via xp_shell neither of those things are true.


When Homer accesses a cmd shell prompt via xp_shell - nothing happens.
Unless Homer is given SA privileges.

And if Homer is given the same kind of privileges on the Windows domain - "neither of those things are true".
He can do whatever he wants from wherever he wants, remotely accessing any server/desktop around with little chance of being caught.

Get your security within SQL Server right, at least at the same level as within Windows domains - and all your imaginary hazards of xp_cmdshell will go away.


You (and Jeff) are so wrong about this it's not even worth discussing anymore because it's clear you will not see the point.


Nope. Not wrong, Orlando. I just believe differently than you and a whole lot of other people. It's equally clear that you don't see my point and that's Ok. Differences in opinion spark conversation and innovation.

Also understand that Sergiy is not calling you stupid and he's not calling you a cowboy. He called MS stupid and said that cowboy developers (meaning those folks that typically ignore everything except getting something off their plate) would ignore any and all security scaffolding. And when he said "get your security right", he's not talking about you personally... he's talking about anyone and everyone getting their security right and, despite our differences, that's all 3 of our goals. These are not personal attacks. Short, brusque, and maybe even brutally to the point (English is not his native language so he tends to be short), but they're not personal attacks on you.

As for relying "too" heavily on one area of a system, doctors do it all the time. They're called "specialists" because they're really, really good at what they do. I don't see how the use of one very flexible tool paints you in a corner while the use of another very flexible tool does not.


--Jeff Moden
"RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".

First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."

(play on words) "Just because you CAN do something in T-SQL, doesn't mean you SHOULDN'T." --22 Aug 2013

Helpful Links:
How to post code problems
How to post performance problems
Post #1447215
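The auditing point argued above (xp_cmdshell runs under the SQL Server service account or its proxy, so OS and network auditing see the service account rather than the caller) can be checked and compensated for from the SQL side. The following T-SQL is an added example, not code posted by anyone in this thread; the audit names Audit_xp_cmdshell and Audit_xp_cmdshell_exec are assumed placeholders.

```sql
-- Added example: enumerate who can reach xp_cmdshell, then record every call
-- under the SQL login that issued it, restoring the attribution that OS-level
-- auditing loses. Audit names below are assumed placeholders.

-- 1. Is xp_cmdshell enabled at all?
SELECT name, value_in_use
FROM   sys.configurations
WHERE  name = 'xp_cmdshell';

-- 2. Who can call it: sysadmin members (implicit right) ...
SELECT m.name AS login_name, m.type_desc
FROM   sys.server_role_members rm
JOIN   sys.server_principals r ON r.principal_id = rm.role_principal_id
JOIN   sys.server_principals m ON m.principal_id = rm.member_principal_id
WHERE  r.name = 'sysadmin';

-- ... and non-sysadmins explicitly granted EXECUTE on the proc in master
SELECT dp.name AS db_user, pe.state_desc, pe.permission_name
FROM   master.sys.database_permissions pe
JOIN   master.sys.database_principals dp
       ON dp.principal_id = pe.grantee_principal_id
WHERE  pe.major_id = OBJECT_ID('master.dbo.xp_cmdshell')
  AND  pe.permission_name = 'EXECUTE';

-- 3. Is a proxy credential defined? Non-sysadmin callers run as this identity,
--    not as the service account, so it is the account the OS audit will show.
SELECT name, credential_identity, create_date
FROM   sys.credentials
WHERE  name = '##xp_cmdshell_proxy_account##';

-- 4. SQL Server Audit: log each EXECUTE of xp_cmdshell with the calling login.
USE master;
GO
CREATE SERVER AUDIT [Audit_xp_cmdshell]
    TO APPLICATION_LOG
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO
CREATE DATABASE AUDIT SPECIFICATION [Audit_xp_cmdshell_exec]
    FOR SERVER AUDIT [Audit_xp_cmdshell]
    ADD (EXECUTE ON OBJECT::dbo.xp_cmdshell BY public)
    WITH (STATE = ON);
GO
ALTER SERVER AUDIT [Audit_xp_cmdshell] WITH (STATE = ON);
GO
```

The audit records land in the Windows Application log, so they can be forwarded alongside the OS-level events the thread discusses and correlated on the SQL login name.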
Posted Friday, April 26, 2013 10:49 PM


SSCertifiable
Group: General Forum Members
Last Login: Yesterday @ 8:04 PM
Points: 7,141, Visits: 12,768
I could not care less what Sergiy says about anything and do not need a translator of his thoughts. I actually think it's odd that you continue to do that. He may be the rudest person I have run into on this site.

I actually do see your point, but think you're wrong, but at the same time respect your right to choose. I do not on the other hand think you see my point, but that's OK. I know I am better off for having had this longest running of dialogues with you, so thank you for that Jeff.


__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Post #1447219
Posted Tuesday, May 7, 2013 8:46 AM
SSC-Addicted
Group: General Forum Members
Last Login: 2 days ago @ 8:03 AM
Points: 439, Visits: 1,016
As a DBA and occasional AD admin, Powershell considerably simplifies my life.

Goodbye .bat, see ya later mmc AD. SQL OLE Automation was, IMHO, nearly unusable.

I do have the luxury of not being too worried about security, as there is a whole department between me and the outside world.
Post #1450197
Posted Wednesday, May 8, 2013 11:44 PM


SSC-Dedicated
Group: General Forum Members
Last Login: Today @ 4:23 PM
Points: 35,821, Visits: 32,494
opc.three (4/26/2013)
I could not care less what Sergiy says about anything and do not need a translator of his thoughts. I actually think it's odd that you continue to do that. He may be the rudest person I have run into on this site.


We'll have to agree to disagree again, then.

I translated because you didn't understand the short English used. You have no idea what I've learned, taught myself, and have been able to teach others because of that man and his short English.


--Jeff Moden
"RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".

First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."

(play on words) "Just because you CAN do something in T-SQL, doesn't mean you SHOULDN'T." --22 Aug 2013

Helpful Links:
How to post code problems
How to post performance problems
Post #1450893
Posted Thursday, May 9, 2013 7:37 AM


SSCertifiable
Group: General Forum Members
Last Login: Yesterday @ 8:04 PM
Points: 7,141, Visits: 12,768
I can't really say the same but that's great for you. Like I said, I do not need a translator and your saying I do not understand him is a little insulting. You and I have been jousting over this issue for two years and have managed to remain friends so if anything you should be consulting him on what it means to maintain composure when someone disagrees with his point of view.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Post #1451108