Jeff Moden (4/8/2013)
opc.three (4/8/2013)
Jeff Moden (4/8/2013)
opc.three (4/8/2013)
If your argument is "someone in the sysadmin Role can take down the system so why bother running a system with xp_cmdshell disabled" then I think you are completely missing the point and are only focusing on one aspect of the discussion.Gosh. I thought you were going to quit. 🙂
😛 I did...quit debating the same disagreement over the comment you continue to reiterate, with no progress. There is no chance I am going to quit steering people away from implementing xp_cmdshell in favor of more secure, more auditable and more robust tools like PowerShell, SSIS and .NET.
Then game on, ol' firend. Whether it get's used or not, turning xp_CmdShell off is like holding up a bathtowel to sheild yourself from a nuclear blast. The real security problems need to be addressed instead. 😛
If nuclear blasts were the only reason to leave xp_cmdshell disabled then you would have a great point. Unfortunately, that is simply too narrow a view.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato