See more: SQL-Server
What exactly is the external procedure xp_cmdshell in SQL Server?
I wanna know why it's said to be dangerous!!
Posted 31-Dec-12 8:32am

1 solution


Solution 1

You can execute OS level commands on the server.
It is not dangerous on its own. But if a database or a server is not well protected, if there are leaks in the security settings, an attacker can access the operating system itself, and that's the danger.
So you need to be extremely careful. Here are some really good articles you should read on this topic:
- http://thinkingeek.com/2008/11/13/controlling-the-commands-executed-with-xp_cmdshell-on-sql-server-2005/
- http://blogs.msdn.com/b/sqlsecurity/archive/2008/01/10/xp-cmdshell.aspx
But if you can, avoid using it.
Comments
Sergey Alexandrovich Kryukov 31-Dec-12 16:01pm
   
Good points, a 5.
Happy New Year!
—SA
Zoltán Zörgő 31-Dec-12 16:28pm
   
Thank you and a Happy New Year to you too!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Web02 | 2.8.170118.1 | Last Updated 31 Dec 2012
Copyright © CodeProject, 1999-2017