From: Marc Miller (email@example.com)
From: "Marc Miller" <firstname.lastname@example.org> Date: Wed, 19 Mar 2003 08:02:53 -0500
I am developer, somewhat new to SQL Server. In one of my first
endeavors in T-SQL programming,
I am making use of sprocs and xsprocs that reside in MASTER and MSDB, most
(for FTP's) and xp_fileexist.
When I requested to have my app put into production, my DBA has conveyed
his concern in granting
me the ability to run xp_cmdshell, since it exposes server administration.
He has created a
proxy account to allow my developer role to do this in production.
My question, I guess, is what type of security is usually granted to
programmatic roles, that is for sprocs
that run background processes and have the userid and passwords embedded in
the calling code? I use
.NET and Visual Fox Pro for front ends. Are there alternatives,
programmatically, to using xp_cmdshell, etc.?
I don't want to go at loggerheads with the DBA ( I want to be friends
8-)!), but I don't feel that he has the scope
of the programmer's needs and I don't have the scope of the administration
of the DB.
Thanks much for any input,
Commonwealth Telephone Company
"I have not failed. I've just found 10,000 ways that won't work." - Thomas