Viewing 15 posts - 1,441 through 1,455 (of 7,168 total)
I may have picked up am extra trailing parent when it copied it from my script. Try removing that and see what you get. Better yet, deconstruct the command and...
March 25, 2013 at 6:52 am
Sergiy (3/24/2013)
opc.three (3/24/2013)
Sergiy (3/24/2013)
Version control. Change management processes. Code review. Layers...
What all these words have to do with stealing data by launching an ad-hoc query using SA privilages?
Or you really...
March 25, 2013 at 6:48 am
Read up on how to call a script using powershell.exe. That does nit look right. The ampersand is for code-blocks iirc. Just run the stuff I gave you at a...
March 24, 2013 at 10:00 pm
Sergiy (3/24/2013)
opc.three (3/24/2013)
But consider the employee in the sysadmin Role looking to steal data without being detected.
And?
How adding an "sp_configure" command to a script used for stealing data...
March 24, 2013 at 9:27 pm
Sergiy (3/24/2013)
opc.three (3/24/2013)
All of those things should be done in addition to leaving xp_cmdshell disabled.If those things are done there is no point of disabling xp_cmdshell.
Why do you need it?...
March 24, 2013 at 8:58 pm
Sergiy (3/24/2013)
opc.three (3/24/2013)
You're still hung up on external scenarios.Not really.
Replace "intruder" with "employee gone nuts".
What does it change?
Not much you can do there. But consider the employee in the sysadmin...
March 24, 2013 at 8:53 pm
Sergiy (3/24/2013)
opc.three (3/24/2013)
March 24, 2013 at 8:19 pm
Sergiy (3/24/2013)
opc.three (3/24/2013)
The fact is that a system with xp_cmdshell disabled has less security exposures, has less vulnerabilities and is more auditable than a system where it is enabled.
OK.
I'm an...
March 24, 2013 at 8:17 pm
You're still hung up on 'external attackers.' The point is, xp_cmdshell is a blunt tool that cannot be audited and allows people to run commands as someone else, possibly with...
March 24, 2013 at 7:17 pm
It is their choice ultimately, but to paraphrase a comment you have made in the past, characterizing xp_cmdshell as "safe as a SELECT statement" is just plain inaccurate. In the...
March 24, 2013 at 6:06 pm
Jeff Moden (3/24/2013)
March 24, 2013 at 3:32 pm
Jeff Moden (3/24/2013)
Michael L John (3/21/2013)
BUT I also stand by the statement because unfortunately poor security seems to be the norm. It seems as if DBA's are so...
March 24, 2013 at 3:17 pm
Jeff Moden (3/24/2013)
March 24, 2013 at 3:08 pm
Jeff Moden (3/24/2013)
opc.three (3/24/2013)
Michael L John (3/21/2013)
BUT I also stand by the statement because unfortunately poor security seems to be the norm. It seems as if DBA's are...
March 24, 2013 at 2:02 pm
Oracle_91 (3/24/2013)
installing powershell do we any security risks as mine windows 2003. am not sure we can download sdk which has powershell 2.0.can u share the script?
PowerShell is a...
March 24, 2013 at 12:39 pm
Viewing 15 posts - 1,441 through 1,455 (of 7,168 total)