Re: xp_cmdshell
From: Dan Guzman (danguzman_at_nospam-earthlink.net)
Date: 07/10/03
- Next message: Dan Guzman: "Re: Help understanding Stored proc Level Secuirty?"
- Previous message: Venkatesh: "Permissions on Scheduled Jobs"
- In reply to: AJAY R: "Re: xp_cmdshell"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 10 Jul 2003 08:08:43 -0500
AFAIK, there's no way to completely hide xp_cmdshell without dropping
the proc entirely.
Note that an intruder would need to gain access via a sysadmin account
to execute xp_cmdshell. For sysadmin users, xp_cmdshell runs under the
security context of the SQL Server service account so you can mitigate
risk by using Windows-only authentication and running SQL Server under a
non-privileged account. A sysadmin user always has full SQL Server
privileges so an intruder that gains access under a sysadmin account can
do nasty things without xp_cmdshell, like drop databases.
See
<http://msdn.microsoft.com/webservices/building/frameworkandstudio/default.aspx?pull=/library/en-us/dnnetsec/html/thcmch18.asp>
for more information on securing your database server.
--
Hope this helps.

Dan Guzman
SQL Server MVP

"AJAY R" <dba_pune@hotmail.com> wrote in message
news:OobbpWgRDHA.3236@TK2MSFTNGP10.phx.gbl...
> Thanks Dan
> But my purpose is to hide xp_cmdshell from any user.
> Even if some intrusion happens in the db, the intruder should not be able
> to see xp_cmdshell.
> Is there any way to hide or rename or anything which will keep xp_cmdshell
> present but in encapsulated form or with some other name.
>
> Regards
> Ajay Rengunthwar
>
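
The conditions the reply above relies on (Windows-only authentication, a small sysadmin role, no stray grants on xp_cmdshell) can be checked from a query window. This audit script is an added example, not part of the original post; it assumes the system procedures sp_helpsrvrolemember and sp_helprotect as shipped with SQL Server 2000 and later, and changes nothing on the server.

```sql
-- Read-only audit of the exposure points named in the thread.
USE master;

-- 1. Authentication mode. IsIntegratedSecurityOnly = 1 means Windows-only;
--    0 means mixed mode, so SQL logins such as sa accept password logons.
SELECT CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
         WHEN 1 THEN 'Windows-only authentication'
         ELSE 'Mixed mode: SQL logins can authenticate'
       END AS auth_mode;

-- 2. Every member of sysadmin. Each login listed here can run xp_cmdshell
--    under the SQL Server service account, so the list should be short and
--    should not contain application or service logins.
EXEC sp_helpsrvrolemember 'sysadmin';

-- 3. Is the connection running this script a sysadmin? Run it once as the
--    login your application uses: the expected answer there is 0.
SELECT SUSER_SNAME()               AS current_login,
       IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin;

-- 4. Explicit permissions on xp_cmdshell. Any row granting EXECUTE to
--    public, guest or an application user widens access beyond sysadmin.
--    If nothing has been granted, sp_helprotect raises an error reporting
--    that there are no matching rows; that is the desired result here.
EXEC sp_helprotect @name = 'xp_cmdshell';
```

The account the SQL Server service itself runs under is a Windows setting, so confirm it in the Services console rather than from T-SQL.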