Sigerson (6/3/2013)
@Jeff:Thanks for the information, it answered a lot of my questions. I'm an accidental DBA at best. I never grant individual users any special privs so I don't think I'm in any jeopardy here. No users can execute xp_cmdshell except through an application s/p, and I always disable it in the s/p code as soon as I can.
Anyway, thanks again for the confirmation.
Disabling xp_CmdShell when you're done using it is fine but it really does nothing for security. Only the people (have "SA" privs) that can actually use it can turn it on.
I am concerned a bit about what one of the application SPs might look like for running xp_CmdShell because of the "public facing" nature of such SPs and the fact that there is such a thing as "DOS Injection". I'm also concerned with how the privs are setup since the application SPs turn it on and off. I'd be happy to check for you if you'd like to post them. If they're "sensitive", you could PM me instead.
--Jeff Moden
Change is inevitable... Change for the better is not.