sturner (6/22/2009)
It is really only dangerous in the case where appropriate and strict adherence to minimum required permissions and complex password safeguards are lacking or non-existent. Unfortunately this is true in too many situations and has resulted in giving this rather useful procedure a bad name. Most people take the brute force (easier) approach and disable the feature. There are many ways to hack a database, this is but one of the more interesting ones. Having said that, proper adherence to SQL Server security on objects and logins along with application coding designed to be injection-proof will make this particular procedure no more of a danger than DROP TABLE. I'll get flamed for saying this but it is a fact.
I know this is an old thread but I wanted to add... I absolutely agree. It's not the tool that's bad. It's the way that people implement it.
--Jeff Moden
Change is inevitable... Change for the better is not.