Home Forums Article Discussions Article Discussions by Author Discuss content posted by Sylvia Moestl Vasilik Easy Error Trapping When Using xp_cmdshell RE: Easy Error Trapping When Using xp_cmdshell

  • February 2, 2010 at 3:06 pm

    #1112545

    Pete,

    I have to challenge a number of things in your post.

    The biggest problem with security is apathy and lazyness. FAR too many people use highly privileged accounts for app logins, OR their application is architected in such a way that requires excess rights. A little SQL injection and BOOM, I do what I want to your server. There are many examples of this in the news and on this site.

    I think you'll find the number of SQL Server logins that are Domain Admins is fairly low, that is lazy in the extreme. What I think you will see a LOT of is domain accounts as Local Admins, this seems to be the middle ground. It would be best to use a domain account just as a user, but most shops don't want to deal with that, per my experience. And if the machine will NEVER (hate that word) touch ANY machine but itself you could potentially use a local account, but that is a tall order..

    CEWII