Is it safe to set xp_cmdshell value 1?
Problem
I need to use xp_cmdshell in one SQL job. So is it safe to reconfigure xp_cmdshell to 1, or can I set the value to 1 at the start of the SQL statements and set it back to 0 at the end of the SQL statements?
Solution
No, it is not very safe if you get untrusted input into the database (i.e. if it is on a web server or such). You basically hand the user a really dangerous tool if you have any SQL injection vulnerability. I would not run that risk on public-facing servers.
Internal servers may be another thing, but internal attacks are often overlooked, so probably "we" should protect against internal attack also.
Also, if set up correctly (see https://msdn.microsoft.com/en-us//library/ms175046.aspx ) you need a proxy account and all kinds of SQL Server preparations to use it.
I would always suggest using SSIS or SQL Server Agent to perform OS level tasks.
Context
StackExchange Database Administrators Q#157863, answer score: 2
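One way to follow the answer's suggestion, as an added example that is not part of the original question or answer: check that xp_cmdshell is still disabled and who has been granted rights on it, then run the OS task as a SQL Server Agent CmdExec job step. The job name, step name and script path are hypothetical placeholders.

```sql
-- Added example (not from the original post). Job name, step name and
-- script path below are hypothetical placeholders.

-- 1. Confirm xp_cmdshell is disabled: value_in_use should be 0.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. List principals that were explicitly granted or denied rights on
--    xp_cmdshell in master (sysadmin members can run it regardless).
USE master;
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
    ON pr.principal_id = pe.grantee_principal_id
JOIN sys.all_objects AS o
    ON o.object_id = pe.major_id
WHERE pe.class = 1
  AND o.name = N'xp_cmdshell';

-- 3. Run the OS-level task as an Agent CmdExec step instead of toggling
--    xp_cmdshell on and off inside the job. The command is fixed text
--    stored in the job definition, so no query input is concatenated
--    into a shell command at run time.
USE msdb;
EXEC dbo.sp_add_job
    @job_name = N'Example_NightlyExport';

EXEC dbo.sp_add_jobstep
    @job_name          = N'Example_NightlyExport',
    @step_name         = N'Run export script',
    @subsystem         = N'CmdExec',
    @command           = N'C:\Scripts\export.cmd',
    @on_success_action = 1,   -- quit the job reporting success
    @on_fail_action    = 2;   -- quit the job reporting failure

-- Target the local server so the Agent can schedule and run the job.
EXEC dbo.sp_add_jobserver
    @job_name = N'Example_NightlyExport';
```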