RE: Your Password has Failed the Test

SSC Guru

Points: 1003907

October 7, 2012 at 8:07 am

These privileges would give you control over every SQL Server instance, and if XP_CmdShell was enabled, then you could control the machine.

I disagree not about controlling the whole machine but with the suggestion that having XP_CmShell turned on causes any sort of a problem. Specifically, you're talking about someone breaking in with an "sa" prived account. Whether or not XP_CmdShell is enabled or not, you've just let someone in with "sa" privs and they can turn XP_CmdShell on just like any other "sa" prived person can. In fact, any hacker hell bent on gaining such access will be expecting XP_CmdShell to be turned off and will turn it on without missing a step.

XP_CmdShell is not the problem here. Poor security is the only problem here.

--Jeff Moden

RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

Change is inevitable... Change for the better is not.

Helpful Links:
How to post code problems
How to Post Performance Problems
Create a Tally Function (fnTally)