Wow. I started a war.
Do all of you realize that you are saying the same things, but in different contexts?
Security is not something simple, and to do it correctly requires a lot of work and preparation. There are different steps required to secure SQL from internal attacks as opposed to external attacks.
Specifically to xp_cmdshell, I say disable it. The analogy is that locking a door keeps honest people honest. That being said, it's not the only thing that needs to be done to secure your system.
I also said in my original post that T-SQL and batch files are different beasts. By disabling xp_cmdshell, people (developrs!!!) are less inclined to come up with really great ideas.
No, this is not a complete solution. But it at least makes internal people stop and think.
And if DBA's are misled into thinking that disabling this completly secures their systems, then they need a lot more education.
Michael L John
If you assassinate a DBA, would you pull a trigger?
To properly post on a forum:
http://www.sqlservercentral.com/articles/61537/