Only people with sysadmin privs can enable it. Only people with sysadmin privs can use it (unless you've made the terrible mistake of allowing non-DBAs to use it with or without a proxy). If an attacker gets in but doesn't attain sysadmin privs (one way or another), they can't use xp_CmdShell. If they do get in with sysadmin privs, having it disabled does NOTHING for security except cause a couple of milliseconds of delay in their attack software. Further, if they make it in with sysadmin, they don't even need xp_CmdShell because they can, quite literally, do anything they want.
Turn on xp_CmdShell and use it. If that makes you paranoid because you need to be paranoid about who gets sysadmin privs either intentionally or during an attack. xp_CmdShell isn't a security risk. Bad security is the security risk that you need to be paranoid about.
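An added example, not part of the post above: a read-only T-SQL audit of the three things the post says decide xp_cmdshell exposure (whether it is enabled, who holds sysadmin, and whether any non-sysadmin has been let in through a proxy or a grant). Including CONTROL SERVER holders in the second query is an addition here; the post only mentions sysadmin.

```sql
-- Added example: read-only audit of xp_cmdshell exposure. Run in master.
USE master;

-- 1. Is xp_cmdshell currently enabled? (1 = enabled, 0 = disabled)
SELECT name, CAST(value_in_use AS int) AS enabled
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. Who can enable and use it: sysadmin members, plus logins granted
--    CONTROL SERVER (added here; the post only names sysadmin).
SELECT p.name, p.type_desc, p.is_disabled, N'sysadmin member' AS reason
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
UNION ALL
SELECT p.name, p.type_desc, p.is_disabled, N'CONTROL SERVER grant'
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name = N'CONTROL SERVER'
  AND sp.state IN ('G', 'W');   -- GRANT or GRANT WITH GRANT OPTION

-- 3a. Does a proxy account exist? Its presence means someone set the
--     server up so that non-sysadmins can run xp_cmdshell.
SELECT name, credential_identity, create_date, modify_date
FROM sys.credentials
WHERE name = N'##xp_cmdshell_proxy_account##';

-- 3b. Which principals in master were granted EXECUTE on xp_cmdshell?
--     Any row here is a non-DBA path to the operating system.
SELECT dp.name AS grantee, dp.type_desc,
       perm.permission_name, perm.state_desc
FROM sys.database_permissions AS perm
JOIN sys.database_principals AS dp
  ON dp.principal_id = perm.grantee_principal_id
WHERE perm.class = 1                                   -- object-level
  AND perm.major_id = OBJECT_ID(N'sys.xp_cmdshell')
  AND perm.permission_name = N'EXECUTE'
  AND perm.state IN ('G', 'W');
```

Empty results from 3a and 3b mean only the principals listed by query 2 can reach xp_cmdshell, which is the configuration the post argues for.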