opc.three (3/26/2013)
Here is Erland Sommarskog saying to Microsoft "The first thought at hand is to use xp_cmdshell to run a DEL command, but xp_cmdshell is best disabled."If you have any doubts about whether Erland Sommarskog understands how xp_cmdshell works, hit up Bing.
I have a huge amount of respect for Erland but if he thinks that having xp_CmdShell disabled provides anything more than a highly permeable and easily lifted veil of security, then he's also wrong. The problem is real security, not xp_CmdShell. Improper use of xp_CmdShell is nothing more than a symptom of otherwise bad security.
--Jeff Moden
Change is inevitable... Change for the better is not.