See more: SQL-Server
What exactly is the external procedure xp_cmdshell in SQL Server?
I wanna know why it's said to be dangerous!!
Posted 31-Dec-12 7:32am

1 solution


Solution 1

You can execute OS-level commands on the server.
It is not dangerous on its own. But if a database or a server is not well protected, if there are leaks in the security settings, an attacker can access the operating system itself, and that's the danger.
So you need to be extremely careful. Here are some really good articles you should read on this topic:
- http://thinkingeek.com/2008/11/13/controlling-the-commands-executed-with-xp_cmdshell-on-sql-server-2005/
- http://blogs.msdn.com/b/sqlsecurity/archive/2008/01/10/xp-cmdshell.aspx
But if you can, avoid using it.
Comments
Sergey Alexandrovich Kryukov at 31-Dec-12 16:01pm
   
Good points, a 5.
Happy New Year!
—SA
Zoltán Zörgő at 31-Dec-12 16:28pm
   
Thank you and a Happy New Year to you too!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 31 Dec 2012
Copyright © CodeProject, 1999-2014