Home Forums SQLServerCentral.com Editorials The Command Shell RE: The Command Shell

  • April 8, 2013 at 11:08 am

    #1604506

    opc.three (4/8/2013)

    If your argument is "someone in the sysadmin Role can take down the system so why bother running a system with xp_cmdshell disabled" then I think you are completely missing the point and are only focusing on one aspect of the discussion.

    Gosh. I thought you were going to quit. 🙂

    The big point that I've been trying to make is that simply disabling xp_CmdShell offers only a thin veil of auditability and does not act as any kind of an obstacle to a would-be attacker or mischievous user, either internally or externally, if that person has SA privs.

    --Jeff Moden

    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.

    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)