
XP_CmdShell - Security Risks !!!

Nov 16, 2000
XP_Cmdshell runs with the full permissions of the account it is running under so if your SQL Server is running under a domain administrator's account - then the 'sa' account will have control over the NT network using xp_cmdshell. The 'sa' account can run any OS Command including "format c:".

Make sure you restrict the ability to execute xp_cmdshell and runCmdExec and ActiveScripting jobs or you are leaving yourself open to security breaches which could lead to someone deleting files from your network or worse - formatting the drives on your server !!!


Hope This Helps
Bernadette
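
An audit of the exposure described in the post above, as an added example that is not part of the original post. It assumes SQL Server 2008 R2 SP1 or later (for `sys.dm_server_services`) and a login allowed to read server configuration and `msdb`.

```sql
-- Added example: review xp_cmdshell exposure on one instance.

-- 1. Is xp_cmdshell enabled right now? (1 = enabled, 0 = disabled)
SELECT name, CAST(value_in_use AS int) AS value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. Which Windows account runs the service? xp_cmdshell commands issued by
--    sysadmin members run with this account's rights, so a domain admin
--    account here is the situation the post warns about.
SELECT servicename, service_account
FROM sys.dm_server_services;

-- 3. Who is in sysadmin (and can therefore always run xp_cmdshell)?
SELECT m.name AS member_name, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';

-- 4. Which other principals were explicitly granted EXECUTE on xp_cmdshell?
USE master;
SELECT pr.name AS principal_name, pr.type_desc, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.all_objects AS o ON o.object_id = pe.major_id
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND o.name = N'xp_cmdshell'
  AND pe.permission_name = N'EXECUTE';

-- 5. Which SQL Server Agent job steps run OS commands or scripts?
SELECT j.name AS job_name, s.step_id, s.step_name, s.subsystem,
       SUSER_SNAME(j.owner_sid) AS job_owner
FROM msdb.dbo.sysjobs AS j
JOIN msdb.dbo.sysjobsteps AS s ON s.job_id = j.job_id
WHERE s.subsystem IN (N'CmdExec', N'ActiveScripting');

-- 6. If nothing legitimate depends on it, turn xp_cmdshell off.
EXEC sp_configure N'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure N'xp_cmdshell', 0;
RECONFIGURE;
```

Any row returned by query 4 is a candidate for `REVOKE EXECUTE`, and any job from query 5 owned by a sysadmin login deserves a review of its command text.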
 