• Perry Whittle (8/17/2011)


    It's always been given bad press in the past due to the vulnerability. It's a feature hackers knew was there and could be exploited to harmful use.

    I have an admin script that enables the feature, does the work and then disables it afterwards, but I don't use it widely.

    Thanks for the response, Perry. Understood and you've cited one of the most common fears.

    Exploring that fear and reasoning a bit more, how is it that hackers get in? The equally most common answer is usually through the GUI and the associated login(s). If the GUI login(s) had ONLY "PUBLIC" privs with explicit privs to only EXECUTE stored procedures and didn't have even "Datareader" or "Datawriter", can you think of a way that a hacker could get in with enough privs (i.e., "SA") to use xp_CmdShell?

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.


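Added example, not part of the original posts: a T-SQL sketch of the login configuration described in the reply above (public plus EXECUTE only, no db_datareader or db_datawriter), followed by audit queries that confirm it. The names AppDb, AppLogin and AppExecOnly and the password are hypothetical placeholders, and the application's procedures are assumed to live in the dbo schema.

```sql
-- Hypothetical names throughout: AppDb, AppLogin, AppExecOnly.
USE master;
CREATE LOGIN AppLogin
    WITH PASSWORD = N'<replace-with-strong-password>', CHECK_POLICY = ON;
GO

USE AppDb;
CREATE USER AppLogin FOR LOGIN AppLogin;
CREATE ROLE AppExecOnly;
-- EXECUTE on the schema that holds the application's stored procedures.
-- No SELECT/INSERT/UPDATE/DELETE is granted; procedures reach dbo-owned
-- tables through ownership chaining.
GRANT EXECUTE ON SCHEMA::dbo TO AppExecOnly;
ALTER ROLE AppExecOnly ADD MEMBER AppLogin;  -- SQL Server 2012+; earlier: sp_addrolemember
GO

-- Audit 1: the login must not be a sysadmin (expect 0).
SELECT IS_SRVROLEMEMBER('sysadmin', 'AppLogin') AS is_sysadmin;

-- Audit 2: current state of the xp_cmdshell option (1 = enabled).
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- Audit 3: database roles the user belongs to (expect only AppExecOnly;
-- db_datareader, db_datawriter and db_owner must not appear).
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'AppLogin';

-- Audit 4: permissions granted directly to the user or to its role
-- (expect CONNECT on the database and EXECUTE on schema dbo, nothing else).
SELECT pr.name AS grantee, pe.state_desc, pe.permission_name, pe.class_desc,
       CASE pe.class WHEN 3 THEN SCHEMA_NAME(pe.major_id)
                     WHEN 1 THEN OBJECT_NAME(pe.major_id) END AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN (N'AppLogin', N'AppExecOnly');
```

Run the audit queries as a privileged login; any row beyond the expected ones means the application login holds more than the configuration described above.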