
Trading in xp_cmdshell for SQLCLR (Part 1) - List Directory Contents
Posted Wednesday, February 4, 2009 11:24 PM


Comments posted to this topic are about the item Trading in xp_cmdshell for SQLCLR (Part 1) - List Directory Contents

Jonathan Kehayias | Principal Consultant | MCM: SQL Server 2008
My Blog | Twitter | MVP Profile
Training | Consulting | Become a SQLskills Insider
Troubleshooting SQL Server: A Guide for Accidental DBAs
Post #650581
Posted Thursday, February 5, 2009 1:08 AM


Thanks Jonathan for this very timely article! Can you advise whether this CLR function will work for UNC paths?

Thanks,
Carleton
Post #650601
Posted Thursday, February 5, 2009 2:06 AM


I thought the install script for this CLR routine was nicely done, and very useful. The Asymmetric Key side is so often left out.

I can see why a CLR routine is better than your xp_cmdshell routine. As I see it, it will only work on a specific version of the operating system, with a specific date format. Surely, anyone actually trying to use this code will get in a pickle. Another problem you'll come across is the nesting of the INSERT INTO ... EXEC. It seems unfair to use it as a comparison to the CLR routine, since there are ways around the specificity of the code.

I'm puzzling over the CLR routine. I can't see how you handle the exception that happens when an invalid path is passed to DirectoryInfo. As far as I can see, a .NET exception is thrown and just falls back into SQL Server. How does the calling code handle this? The DOS version will politely send back a 'file not found' (depending on language setting etc.) but your CLR routine would surely just barf. Am I missing something?



Best wishes,

Phil Factor
Simple Talk
Post #650627
Posted Thursday, February 5, 2009 2:18 AM


Carleton (2/5/2009)
Thanks Jonathan for this very timely article! Can you advise whether this CLR function will work for UNC paths?

Thanks,
Carleton


As long as the SQL Service Account has access to the UNC path, yes. If security needs further abstraction, a Windows user could be explicitly impersonated in code to allow only specific users access to the UNC paths as well.


Jonathan Kehayias | Principal Consultant | MCM: SQL Server 2008
Post #650639
Posted Thursday, February 5, 2009 2:20 AM


Phil Factor (2/5/2009)
I thought the install script for this CLR routine was nicely done, and very useful. The Asymmetric Key side is so often left out.

I can see why a CLR routine is better than your xp_cmdshell routine. As I see it, it will only work on a specific version of the operating system, with a specific date format. Surely, anyone actually trying to use this code will get in a pickle. Another problem you'll come across is the nesting of the INSERT INTO ... EXEC. It seems unfair to use it as a comparison to the CLR routine, since there are ways around the specificity of the code.

I'm puzzling over the CLR routine. I can't see how you handle the exception that happens when an invalid path is passed to DirectoryInfo. As far as I can see, a .NET exception is thrown and just falls back into SQL Server. How does the calling code handle this? The DOS version will politely send back a 'file not found' (depending on language setting etc.) but your CLR routine would surely just barf. Am I missing something?


Phil,

Since I never write bad code, I would never provide it a bad path. ;)

Actually you raise a good point and I'll take a look at how to make it smarter and provide an update script here in comments later on.


Jonathan Kehayias | Principal Consultant | MCM: SQL Server 2008
Post #650640
Posted Thursday, February 5, 2009 5:04 AM


What is the name for the window with horizontal scroll bar in which the code is presented? Text of article -- window with code -- more article text -- another window ... In every article on sqlservercentral.com that I have read that uses the windows to present code, the windows display less than an inch wide and can't be stretched. Scrolling doesn't help when the window displays less than an inch at a time. Is this window method of setting off the code within the article discussion an improvement on simply using whitespace and switching between fonts? No.

I haven't copied the code from each of the windows and pasted it into a document where I can read it, so I haven't learned from this article. It is CLR, though, that use of CLR makes it harder for a SQL Server administrator to see what's going on with their SQL Server. A SQL Server administrator can see instantly whether xp_cmdshell is enabled, knows the implications of this, and can use T-SQL to find all stored procs with the string 'xp_cmdshell'. Security decisions that aren't transparent to the SQL Server administrator two years down the road when the clever application developer has gone elsewhere are not usually supported. If an application feature causes problems because the administrator doesn't understand it, they often rewrite that feature, calling the rewrite a patch.



_________________
"Look, those sheep have been shorn."
data analyst replies, "On the sides that we can see.."
Post #650721
Posted Thursday, February 5, 2009 5:22 AM


use of CLR makes it harder for a SQL Server administrator to see what's going on with their SQL Server.

Yes, agreed! However, I've recently started using .NET Reflector with an add-in that allows you to see the source of all the CLR routines currently in the database.
http://www.denisbauer.com/NETTools/SQL2005Browser.aspx
It is a joy to use and it means that the D**ned developers can't hide their code from you, particularly as you can decompile it into VB or C# and save the source to a file. Power to the DBA!



Best wishes,

Phil Factor
Simple Talk
Post #650733
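
An added example, not part of any post in this thread and not the article's code: the posts above weigh how visible xp_cmdshell and CLR routines are to an administrator, and this T-SQL inventory uses the standard catalog views to list both from inside the database. It assumes SQL Server 2005 SP2 or later and is run in the database under review.

```sql
-- Added example: inventory of xp_cmdshell and SQLCLR usage for a DBA review.
-- Uses only documented catalog views; run it in the database being audited.

-- 1. Server-level switches: are xp_cmdshell and CLR integration enabled?
SELECT name, CAST(value_in_use AS int) AS value_in_use
FROM sys.configurations
WHERE name IN (N'xp_cmdshell', N'clr enabled');

-- 2. T-SQL modules whose source text mentions xp_cmdshell.
--    [_] makes the underscore a literal instead of a LIKE wildcard.
SELECT OBJECT_SCHEMA_NAME(m.object_id) AS schema_name,
       OBJECT_NAME(m.object_id)        AS object_name,
       o.type_desc
FROM sys.sql_modules AS m
JOIN sys.objects     AS o ON o.object_id = m.object_id
WHERE m.definition LIKE N'%xp[_]cmdshell%';

-- 3. User-defined assemblies and their permission sets.
--    File-system access from CLR code needs EXTERNAL_ACCESS or UNSAFE,
--    so those rows deserve the closest review.
SELECT a.name AS assembly_name,
       a.permission_set_desc,
       a.create_date,
       f.name AS file_name
FROM sys.assemblies AS a
LEFT JOIN sys.assembly_files AS f ON f.assembly_id = a.assembly_id
WHERE a.is_user_defined = 1
ORDER BY a.permission_set_desc, a.name;

-- 4. Procedures, functions and triggers implemented by those assemblies,
--    with the .NET class and method each one calls.
SELECT OBJECT_SCHEMA_NAME(am.object_id) AS schema_name,
       OBJECT_NAME(am.object_id)        AS object_name,
       o.type_desc,
       a.name                           AS assembly_name,
       a.permission_set_desc,
       am.assembly_class,
       am.assembly_method
FROM sys.assembly_modules AS am
JOIN sys.assemblies       AS a ON a.assembly_id = am.assembly_id
JOIN sys.objects          AS o ON o.object_id = am.object_id
WHERE a.is_user_defined = 1
ORDER BY a.name, object_name;
```

Modules created WITH ENCRYPTION have a NULL definition in sys.sql_modules, and xp_cmdshell calls assembled in dynamic SQL will not match the LIKE filter, so query 2 gives a lower bound.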
Posted Thursday, February 5, 2009 5:52 AM


Thank you, Phil Factor! I will be sure to keep the link to .NET Reflector where I can find it quickly. Now, can you explain those windows? What is wrong with them? Does the author of an article know the code is going to display inside a window less than an inch wide?


Post #650751
Posted Thursday, February 5, 2009 6:15 AM


katesl (2/5/2009)
Now, can you explain those windows? What is wrong with them? Does the author of an article know the code is going to display inside a window less than an inch wide?


What browser are you using? Firefox is rendering the code blocks correctly on my PC. So it is likely a browser or setting issue. IE 8 also displays them correctly.

Jonathan,

Nice article. Replacement of xp_cmdshell is an excellent reason for using the CLR. Although I have never used xp_cmdshell in any of the databases I have worked on.

I would imagine another place to use the CLR would be to replace use of sp_OA... procedures.




Jack Corbett

Applications Developer

Don't let the good be the enemy of the best. -- Paul Fleming

Post #650769
Posted Thursday, February 5, 2009 6:25 AM


Browser is IE 6 - Windows 2000 Server SP4 -- this is my machine for maintaining legacy applications.

My standard for application design is NOT to have to step outside to find out why it's displaying that way. If the article is not presented clearly, I can comment on that.



Post #650775