• Jeff Moden (10/1/2012)


    opc.three (10/1/2012)


    Jeff Moden (10/1/2012)


    Of course, you should make sure your system is properly locked down first.

    Properly locking down your system, what exactly do you mean by that?

    It's simple. Only the DBAs have SA privs and no non-DBA user or app has been given a proxy to execute xp_CmdShell directly. They can only do it through a stored procedure that they can't even see the content of.

    Congratulations! You have boiled down 'Securing SQL Server' into less than 40 words! :hehe:

    The fact remains that enabling xp_cmdshell introduces risk into an environment and there simply is no reason one needs to enable it to manage a database.

    For the original poster and any onlookers it is in your best interests to look beyond xp_cmdshell when evaluating how to solve an issue in SQL Server.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato
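
An audit of the lock-down conditions quoted in this thread (who holds sysadmin, whether an xp_cmdshell proxy exists, who can execute it directly), as an added example that is not part of the original posts. It assumes SQL Server 2005 or later catalog views and a login that can read server-level metadata; the column aliases are illustrative.

```sql
-- 1. Is xp_cmdshell currently enabled on this instance?
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. Who is a member of sysadmin? Every login listed here can run
--    xp_cmdshell as the SQL Server service account once it is enabled.
SELECT p.name AS login_name, p.type_desc, p.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY p.name;

-- 3. Has a proxy account been configured? A row here means
--    non-sysadmin callers can be allowed to run xp_cmdshell.
SELECT name, credential_identity, create_date, modify_date
FROM sys.credentials
WHERE name = N'##xp_cmdshell_proxy_account##';

-- 4. Which principals hold an explicit permission on xp_cmdshell itself?
--    In the model described above this returns no GRANT rows, because
--    access goes through a stored procedure rather than a direct grant.
USE master;
SELECT pr.name AS grantee,
       pr.type_desc,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND pe.major_id = OBJECT_ID(N'sys.xp_cmdshell')
ORDER BY pr.name;
```

Unexpected rows in queries 2 through 4 are the findings to review; query 1 alone only tells you whether the feature is switched on.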