Thanks for the information, it answered a lot of my questions. I'm an accidental DBA at best. I never grant individual users any special privs so I don't think I'm in any jeopardy here. No users can execute xp_cmdshell except through an application s/p, and I always disable it in the s/p code as soon as I can.
Anyway, thanks again for the confirmation.
Disabling xp_CmdShell when you're done using it is fine but it really does nothing for security. Only the people (have "SA" privs) that can actually use it can turn it on.
I am concerned a bit about what one of the application SPs might look like for running xp_CmdShell because of the "public facing" nature of such SPs and the fact that there is such a thing as "DOS Injection". I'm also concerned with how the privs are setup since the application SPs turn it on and off. I'd be happy to check for you if you'd like to post them. If they're "sensitive", you could PM me instead.
is pronounced ree-bar and is a Modenism for R
First step towards the paradigm shift of writing Set Based code: Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
Although they tell us that they want it real bad, our primary goal is to ensure that we dont actually give it to them that way.
Although change is inevitable, change for the better is not.
Just because you can do something in PowerShell, doesnt mean you should. Helpful Links:
How to post code problemsHow to post performance problemsForum FAQs