Sunday, July 22, 2007

Enabling xp_cmdshell in SQL Server 2005

Even SQL newbies know that the xp_cmdshell system stored procedure is a huge hole in SQL security: anyone with permission to run it can execute shell commands on the SQL machine. To provide a more secure system, this stored procedure is not available by default in SQL 2005 (unlike SQL 2000).

To enable this stored procedure, you should run the following script (for more details about the permissions required see here and here):

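-- 'xp_cmdshell' is an advanced option, so advanced options must be visible first
exec sp_configure 'show advanced options', 1
go
reconfigure
go
-- Turn xp_cmdshell on and apply the change
exec sp_configure 'xp_cmdshell', 1
go
reconfigure
go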



REMEMBER - this is extremely dangerous and exposes your server to a wide variety of attacks, so be careful!
