Home Forums SQL Server 2008 T-SQL (SS2K8) How to call a batch file to execute from an SP RE: How to call a batch file to execute from an SP

  • March 26, 2013 at 8:36 pm

    #1601007

    Sergiy (3/26/2013)

    opc.three (3/26/2013)

    Securing SQL Server by Denny Cherry:

    - page 153 recommends to "disable xp_cmdshell"

    - page 161 recommends "removing the extended stored proc xp_cmdshell" but goes on to say that (paraphrased) "you may need to add them back before doing system upgrades and they can be re-added by a crafty attacker with the right level of permissions and knowledge of the system"

    OK, another one fallen into the same misconception.

    Not really surprising.

    Jeff pointed out that it's a very common one.

    Denny left the back door open for him to escape though.

    Still not sure that knowing how to use "sp_configure" makes you some kind of crafty one.

    He was not referring to sp_configure at all.

    http://www.galileowaswrong.com/galileowaswrong

    You're a clown, that's funny 😛

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato