opc.three (9/25/2012)
sanjuv999 (9/25/2012)
please guide meDo not enable xp_cmdshell! You do not need it for this scenario and it introduces risk in your environment.
If you want to do everyting with T-SQL use for this task BULK INSERT.
It doesn't introduce any risks that aren't already there. Only an attacker who can get in as "SA" would be able to use it and if (s)he did so, they could also turn it on. It wouldn't even slow them down because they're expecting it to be off.
I do agree, however, that it's absolutely not required for this scenario.
--Jeff Moden
Change is inevitable... Change for the better is not.