Re: Rename xp_cmdshell
From: Gert E.R. Drapers (GertD_at_Online.SQLDev.Net)
Date: 08/02/03
- Next message: Andrew J. Kelly: "Re: All our servers are now kaput"
- Previous message: Petr Sigut: "alowing certain IP addresses"
- Next in thread: Danny Cooper: "Re: Rename xp_cmdshell"
- Reply: Danny Cooper: "Re: Rename xp_cmdshell"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 1 Aug 2003 15:33:09 -0700
The person who advised this is completely wrong, you can not rename an
extended stored procedure, because the name of an extended stored procedure
is the physical entrypoint of the function inside the DLL.
My advise, revoke all right to the XP, if somebody for some reason needs
access to it, create a wrapper stored procedure that checks the parameters,
or even better does not accept any parameters so you are in control of what
gets executed.
GertD@SQLDev.Net
Please reply only to the newsgroups.
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.
Copyright © SQLDev.Net 1991-2003 All rights reserved.
"Danny Cooper" <danny.cooper@bbc.co.uk> wrote in message
news:devhiv0ku7tir2bkblpbhvb6cvj259jtk2@4ax.com...
>
> A number of security papers recommend renaming xp_cmdshell, but when I
> try (in Enterprise Manager as sysadmin) I get "The object cannot be
> renamed". Any ideas?
>
> Danny.
>
- Next message: Andrew J. Kelly: "Re: All our servers are now kaput"
- Previous message: Petr Sigut: "alowing certain IP addresses"
- Next in thread: Danny Cooper: "Re: Rename xp_cmdshell"
- Reply: Danny Cooper: "Re: Rename xp_cmdshell"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
