• Sergiy (3/25/2013)


    opc.three (3/25/2013)


    Care to clarify what you meant? Since it is clear now that you did not say "script" to mean something submitted for normal review and deployment.

    Not sure what needs to be clarified here.

    How do you imagine a process of stealing data?

    I'd see it as someone running a command against the database to retrieve some data and pass it somewhere.

    I would expect it to be an SQL statement, most likely more than 1.

    Which makes it a script.

    http://oxforddictionaries.com/definition/english/script?q=script:

    Definition of script

    noun

    ...

    Computing: an automated series of instructions carried out in a specific order.

    Adding an sp_configure command activating xp_cmdshell on top of such a script won't create any trouble or hold up the process.

    Which makes disabling xp_cmdshell absolutely useless.

    Look, you do not need to become a jerk. "Script" is not an unambiguous term in the world of SQL Server. I took it to mean "a saved file submitted by a developer for review by a peer and eventual execution by a DBA."

    The point is, when you run something as xp_cmdshell you are taking on the identity of the SQL Server service account, which in some environments could mean an elevation of your own privileges, e.g. being able to reach a file share you yourself could not reach. I am not going to argue with you. It's clear you do not want to see the point, so I cannot do more.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato
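
Added example, not part of any post in this thread: a read-only T-SQL audit covering both points argued above, namely who is able to re-enable xp_cmdshell through sp_configure and which Windows identity its commands run under. It assumes SQL Server 2008 R2 SP1 or later (for `sys.dm_server_services`) and a login allowed to view server-level metadata.

```sql
-- Added example (not from the thread). Every statement is read-only.

-- 1. Current state of the option: configured value vs. value in effect.
SELECT name, value AS configured_value, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. Logins that can turn it back on. sp_configure/RECONFIGURE require
--    ALTER SETTINGS, held implicitly by sysadmin and serveradmin.
SELECT r.name AS server_role, m.name AS member_login,
       m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'sysadmin', N'serveradmin')
ORDER BY r.name, m.name;

-- 3. Explicit grants that confer the same ability outside those roles.
SELECT p.name AS grantee, sp.permission_name, sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name IN (N'ALTER SETTINGS', N'CONTROL SERVER')
  AND sp.state IN ('G', 'W');   -- GRANT, GRANT WITH GRANT OPTION

-- 4. Identity used when a sysadmin calls xp_cmdshell: the service account.
--    Review what this account can reach (file shares, other hosts).
SELECT servicename, service_account
FROM sys.dm_server_services;

-- 5. Identity used when a non-sysadmin caller has been granted EXECUTE:
--    the proxy credential, if one has been configured.
SELECT name, credential_identity, modify_date
FROM sys.credentials
WHERE name = N'##xp_cmdshell_proxy_account##';
```

Queries 2 and 3 list the principals for whom the disabled setting is only a speed bump; queries 4 and 5 show the account whose permissions a caller borrows.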