Home Forums SQL Server 2008 SQL Server Newbies bcp a pipe delimited file RE: bcp a pipe delimited file

  • September 27, 2012 at 10:59 am

    #1543013

    opc.three (9/26/2012)

    Jeff Moden (9/26/2012)

    opc.three (9/25/2012)

    sanjuv999 (9/25/2012)

    please guide me

    Do not enable xp_cmdshell! You do not need it for this scenario and it introduces risk in your environment.

    If you want to do everyting with T-SQL use for this task BULK INSERT.

    It doesn't introduce any risks that aren't already there. Only an attacker who can get in as "SA" would be able to use it and if (s)he did so, they could also turn it on. It wouldn't even slow them down because they're expecting it to be off.

    Enabling xp_cmdshell does introduce risk into an environment despite how slight or irrelevant you think those risks may be.

    If you have control over who has "SA" privs, it simply does not. If you don't have that kind of control over your database (and you absolutely should), disabling it is nothing more than a warm fuzzy that won't actually work because anyone with "SA" privs can simply turn it on.

    --Jeff Moden

    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.

    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)