• Steve Jones - SSC Editor (4/3/2013)


    Very interesting discussion.

    Opc.three, you did bring up a few good points, but this isn't one of them.

    opc.three (4/3/2013) I understand how xp_cmdshell works but if it's made available in my environment that won't necessarily stop a developer from abusing it in an application design capacity,

    There's definitely a danger of exposing this in applications, especially to developers, but the main point I was asking about was administrative issues. If someone already is a sysadmin, and potentially can run unsafe code in PoSh or some other scripting language, is xp_cmdshell worse? I'm not sure it is. There is a potential issue for injection attacks as TravisDBA pointed out, but I'm also not sure those attacks couldn't be sent through PoSh as well.

    Of course, if the application and user accounts are simply not members of an admin role, then the security threat posed by xp_cmdshell is marginal. If role-based security and permissions are properly set up in production, then the worst that can happen is that the developer attempts to leverage something via xp_cmdshell, it works in development, but then it fails with access denied in QA or Production. That's not really a disaster (at least not from the DBA's perspective), but it will mean that the developer has to pull an all-nighter to re-write their code.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho