Samuel Clough (4/22/2008)
I'm surprised by this article. For one thing, as already stated, this stored proc should never be enabled. Secondly, why use a database to do file I/O? I wouldn't want someone writing files on my database server. It sorta smells like a hack. To me ...
:pinch: I hate infinitives.
Security is a separate issue that always must be dealt with, but there is nothing at all unsecure about using xp_cmdshell in your code.
The article is not in-depth enough to make a judgement regarding whether or not using xp_cmdshell was the best method. However, when weighing the pros and cons, one must always consider the maintainability of the code. It doesn't get much more maintainable than a stored procedure.