• If you were a hacker with SA access on a SQL Server where someone managed to completely lock out xp_cmdshell, wouldn't it be just as efficient to load some unsafe CLR and do whatever you wanted to do with xp_cmdshell?

    I would guess that any exploit someone could use with xp_cmdshell would be even easier to pull off with a good old piece of C# code and some P/Invoke.

    My conclusion would be the same as yours: if someone manages to be SA, they win (not a reason to not try to make their life miserable though).