See more: SQL-Server
What exactly is the external procedure xp_cmdshell in SQL Server?
I want to know why it's said to be dangerous!
Posted 31-Dec-12 7:32am

1 solution


Solution 1

You can execute OS level commands on the server.
It is not dangerous on its own. But if a database or a server is not well protected, if there are leaks in the security settings, an attacker can access the operating system itself, and that's the danger.
So you need to be extremely careful. Here are some really good articles you should read on this topic:
- http://thinkingeek.com/2008/11/13/controlling-the-commands-executed-with-xp_cmdshell-on-sql-server-2005/
- http://blogs.msdn.com/b/sqlsecurity/archive/2008/01/10/xp-cmdshell.aspx
But if you can, avoid using it.
Comments
Sergey Alexandrovich Kryukov at 31-Dec-12 16:01pm
   
Good points, a 5.
Happy New Year!
—SA
Zoltán Zörgő at 31-Dec-12 16:28pm
   
Thank you and a Happy New Year to you too!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 31 Dec 2012
Copyright © CodeProject, 1999-2014