xp_cmdshell quandry

[equus2]

Hi,

I am familiar with setting up xp_cmdshell proxy accounts.

However, I have concerns with security. That is, if then map a user to master and grant them execute on xp_cmdshell, that user effective has os permissions, which I may or may not want them to have.

Is there a workaround to this problem, for example - to grant xp_cmdshell to a stored procedure instead? Or some other practical solution?

Just want to know how others have handled this problem.

Thanks

 

[maswien]

You need to include the xp_cmdshell in your SP? You may want schedule a job to access the OS resource and populate the information to a table, then your SP read or update this table.

 

[mrdenny]

I short no, you can't grant access to xp_cmdshell via a stored proc.

The best way to handle it is to not use xp_cmdshell. What are you trying to do which requires OS access?

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

My Blog