Perry Whittle (8/17/2011)
Its always been given bad press in the past due to the vulnerability. Its a feature hackers knew was there and could be exploited to harmful use.I have an admin script that enables the feature, does the work and then disables it afterwards, but i don't use it widely
Thanks for the response, Perry. Understood and you've cited one of the most common fears.
Exploring that fear and reasoning a bit more, how is it that hackers get in? The equally most common answer is usually through the GUI and the associated login(s). If the GUI login(s) had ONLY "PUBLIC" privs with explicit privs to only EXECUTE stored procedures and didn't have even "Datareader" or "Datawriter", can you think of a way that a hacker could get in with enough privs (ie: "SA") to use xp_CmdShell?
--Jeff Moden
Change is inevitable... Change for the better is not.