Jeff Moden (9/17/2013)
srajinigandh (9/17/2013)
...company standards now does not permit usage of XP_cmdshell as it has security flaws, ...Sigh....
That's like saying that DELETE has a flaw in it because it will delete all rows if you don't include a WHERE clause. XP_CmdShell isn't "the" security problem. How people misuse is the actual problem and such misuse is pretty easy to prevent.
Hi Jeff,
I am not an expert, but certainly XP_CmdShell has elevated rights and people can misuse which no one can stop it.It would be great if you can suggest some ideas .
regards
Raj
Edit: Saw your query on similar thing ..And I beleive you were similar situation like mine ,so would be great to know how you sorted it