Michael L John (3/26/2013)
Wow. I started a war.Do all of you realize that you are saying the same things, but in different contexts?
Security is not something simple, and to do it correctly requires a lot of work and preparation. There are different steps required to secure SQL from internal attacks as opposed to external attacks.
Specifically to xp_cmdshell, I say disable it. The analogy is that locking a door keeps honest people honest. That being said, it's not the only thing that needs to be done to secure your system.
I also said in my original post that T-SQL and batch files are different beasts. By disabling xp_cmdshell, people (developrs!!!) are less inclined to come up with really great ideas.
No, this is not a complete solution. But it at least makes internal people stop and think.
And if DBA's are misled into thinking that disabling this completly secures their systems, then they need a lot more education.
Thank you for your well reasoned, thoughtful and sober comments.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato