Lock the Back Door Too

An extended stored procedure called xp_cmdshell causes SQL Server to spawn a command shell and execute the command given as a parameter. For example, xp_cmdshell 'dir c:\mssql\backup' would return a listing of the files in the backup directory. In general, this utility is useful for administrators. Be aware, however, that the command executes with the privileges of the account under which SQL Agent executes. Since this account is typically a member of the administrator group, a user could wreak tremendous havoc (“I didn’t realize that format c: would cause any problems! Really!”).

To limit this command to administrators, right-click the SQL Server Agent icon in Enterprise Manager and choose “Properties” from the menu. Choose the Job System tab. At the bottom there will be a checkbox next to text that reads “Only users with Sysadmin privileges can execute CmdExec and ActiveScripting jobs here.” Make sure the checkbox is checked.
