Why powershell?


Orlando Colamatteo
Sergiy (4/26/2013)
opc.three (4/26/2013)
PowerShell has security scaffolding in place


You might be surprised - but SQL Server has it too.

And cowboy developers may (most certainly will) ignore that scaffolding in PowerShell as well as they do it in SQL Server.

Unless a professional admin (DBA in case of SQL Server) will force them to use it.

Look Sergiy, I am well aware of what is available in SQL Server in terms of Security scaffolding and I am sure we could have a great conversation about the virtues of relying too heavily on any one area of a system, or one group of personnel acting within a system, to ensure a system (i.e. an entire environment) is secure. Save your condescending comments for someone else.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Jeff Moden
opc.three (4/26/2013)
Sergiy (4/26/2013)
opc.three (4/26/2013)
A stand-alone PowerShell prompt on Homer's machine does not offer much over a stand-alone CmdShell prompt on Homer's machine in the way of added security, only in functionality. Both shells are running as Homer, from Homer's machine IP so actions from both are subject to OS level auditing under his username -and- network level auditing under his username and IP address. When Homer accesses a cmd shell prompt via xp_shell neither of those things are true.


When Homer accesses a cmd shell prompt via xp_shell - nothing happens.
Unless Homer is given SA privileges.

And if Homer is given same kind of privileges on the Windows domain - "neither of those things are true".
He can do whatever he wants from wherever he wants, remotely accessing any server/desktop around with a little chance of being caught.

Get your security within SQL Server right, at least at the same level as within Windows domains - and all your imaginary hazards of xp_cmdshell will go away.


You (and Jeff) are so wrong about this it's not even worth discussing anymore because it's clear you will not see the point.


Nope. Not wrong, Orlando. I just believe differently than you and a whole lot of other people. It's equally clear that you don't see my point and that's Ok. Differences in opinion spark conversation and innovation.

Also understand that Sergiy is not calling you stupid and he's not calling you a cowboy. He called MS stupid and said that cowboy developers (meaning those folks that typically ignore everything except getting something off their plate) would ignore any and all security scaffolding. And when he said "get your security right", he's not talking about you personally... he's talking about anyone and everyone getting their security right and, despite our differences, that's all 3 of our goals. These are not personal attacks. Short, brusk, and maybe even brutally to the point (English is not his native language so he tends to be short), but they're not personal attacks on you.

As for relying "too" heavily on one area of a system, doctors do it all the time. They're called "specialists" because they're really, really good at what they do. I don't see how the use of one very flexible tool paints you in a corner while the use of another very flexible tool does not.

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think it's expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Orlando Colamatteo
I could not care less what Sergiy says about anything and do not need a translator of his thoughts. I actually think it's odd that you continue to do that. He may be the rudest person I have run into on this site.

I actually do see your point, but think you're wrong, but at the same time respect your right to choose. I do not on the other hand think you see my point, but that's OK. I know I am better off for having had this longest running of dialogues with you, so thank you for that Jeff.

schleep
As a DBA and occasional AD admin, Powershell considerably simplifies my life.

Goodbye .bat, see ya later mmc AD. SQL OLE Automation was, IMHO, nearly unusable.

I do have the luxury of not being too worried about security, as there is a whole department between me and the outside world.



Jeff Moden
opc.three (4/26/2013)
I could not care less what Sergiy says about anything and do not need a translator of his thoughts. I actually think it's odd that you continue to do that. He may be the rudest person I have run into on this site.


We'll have to agree to disagree again, then.

I translated because you didn't understand the short English used. You have no idea what I've learned, taught myself, and have been able to teach others because of that man and his short English.

--Jeff Moden

Orlando Colamatteo
I can't really say the same but that's great for you. Like I said, I do not need a translator and your saying I do not understand him is a little insulting. You and I have been jousting over this issue for two years and have managed to remain friends so if anything you should be consulting him on what it means to maintain composure when someone disagrees with his point of view.
