Home Forums SQL Server 2005 T-SQL (SS2K5) XP_cmdshell DIR RE: XP_cmdshell DIR

  • April 3, 2015 at 11:30 am

    #1788630

    Jeff Moden (4/3/2015)

    Eirikur Eiriksson (4/3/2015)

    I know I'm somewhat late to the show, haven't read through the whole trail and therefore might be missing something, but my approach would be the xp_cmdshell with "dir /S /N /C" and then filter and parse the results, in my experience it's much more efficient than creating an OLE Object.

    😎

    I absolutely agree but the stigma that some DBAs have against using xp_CmdShell is frightening while there is less of a stigma about using OLE objects. Where one may not be allowed, the other might.

    All this because of the misconfiguration of the defaults in the past. I find managing the xp_CmdShell permissions a lot easier than the OLE opbject creation, far too easy to spoof and seed malicious objects when all you have to go with are GUID references/object names. Another aspect is the memory allocation to the OLE thingies, far from optimal (correct me if I'm wrong) as still being a percentage of the available memory:pinch:

    😎