Jim P. (4/3/2013)
The argument over whether xp_cmdshell is a threat means that someone, with decent knowledge, is already so far in that it doesn't matter. Now, if I catch a programmer doing that crap, I'm going to bust his butt. But the usual end-user using an application is not going to be the danger. So trying to guard against the normal edge is good. But going to paranoiac extremes generally makes no sense.
Well said. That's my whole point about xp_CmdShell. If someone gets in deep enough (meaning with "SA" privs, in this case), you're dead even if it's turned off, and depriving DBAs of its SA-only usage just doesn't make sense to me.
For the record, I'm also one of those folks who will allow it in carefully constructed, application-facing stored procedures where the user doesn't actually have privs to run xp_CmdShell directly, but that's a whole different argument.
--Jeff Moden
Change is inevitable... Change for the better is not.
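An added example, not from either poster: a T-SQL audit a DBA can run to check the two things the exchange above turns on, namely who holds sysadmin (the boundary that actually matters once xp_CmdShell is in play) and which application-facing procedures wrap xp_cmdshell and who may call them. It assumes SQL Server 2005 or later and an auditing login with VIEW ANY DEFINITION and VIEW SERVER STATE.

```sql
-- Added example (not from the thread). Assumes SQL Server 2005+ and an
-- auditing login holding VIEW ANY DEFINITION / VIEW SERVER STATE.

-- 1. Is xp_cmdshell currently enabled? Remember the point made above:
--    anyone in sysadmin can turn it back on, so this is a weak control on its own.
SELECT name, CAST(value_in_use AS int) AS enabled
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. Direct members of sysadmin. This role, not the sp_configure switch,
--    is the real boundary; each entry here should be justified.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 3. Stored procedures in the current database whose text references
--    xp_cmdshell, i.e. the "carefully constructed" wrappers. Review each
--    one for fixed commands only, with no caller-supplied text reaching the shell.
SELECT OBJECT_SCHEMA_NAME(sm.object_id) AS schema_name,
       OBJECT_NAME(sm.object_id)        AS procedure_name
FROM sys.sql_modules AS sm
WHERE sm.definition LIKE N'%xp_cmdshell%'
ORDER BY schema_name, procedure_name;

-- 4. Who can execute those wrappers? The application principal should hold
--    EXECUTE on the wrapper and nothing on xp_cmdshell itself.
SELECT OBJECT_NAME(dp.major_id) AS procedure_name,
       pr.name                  AS grantee,
       dp.permission_name,
       dp.state_desc
FROM sys.database_permissions  AS dp
JOIN sys.database_principals   AS pr ON pr.principal_id = dp.grantee_principal_id
JOIN sys.sql_modules           AS sm ON sm.object_id   = dp.major_id
WHERE dp.class = 1                       -- object-level permission
  AND sm.definition LIKE N'%xp_cmdshell%'
ORDER BY procedure_name, grantee;
```

Query 2 lists direct role members only; nested Windows group membership has to be resolved on the directory side.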