RE: How to call a batch file to execute from an SP

SSC Guru

Points: 1003888

March 26, 2013 at 9:26 pm

opc.three (3/26/2013)
Here is Erland Sommarskog saying to Microsoft "The first thought at hand is to use xp_cmdshell to run a DEL command, but xp_cmdshell is best disabled."
https://connect.microsoft.com/SQLServer/feedback/details/470000/make-it-possible-to-copy-certificiates-between-databases-without-the-file-system
If you have any doubts about whether Erland Sommarskog understands how xp_cmdshell works, hit up Bing.

I have a huge amount of respect for Erland but if he thinks that having xp_CmdShell disabled provides anything more than a highly permeable and easily lifted veil of security, then he's also wrong. The problem is real security, not xp_CmdShell. Improper use of xp_CmdShell is nothing more than a symptom of otherwise bad security.

--Jeff Moden

RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

Change is inevitable... Change for the better is not.

Helpful Links:
How to post code problems
How to Post Performance Problems
Create a Tally Function (fnTally)