• opc.three (3/24/2013)


    The point is, xp_cmdshell is a blunt tool that cannot be audited and allows people to run commands as someone else, possibly with more permissions than their own, without the possibility of being detected or tracked.

    Would it be wiser to limit the privileges associated with the account running sqlserver service to its job-related tasks?

    Read from there, write there, check on that location, execute that task.

    That's it. The list is closed.

    If you need to do something else - talk to your system administrator, as they say in MS messages.

    This layer would be definitely harder to pass than to enable xp_cmdshell, don't you think?

    _____________
    Code for TallyGenerator