Re: Best Practice - xp_cmdshell question
smaas_at_newsgroups.nospam
Date: 11/13/04
- Next message: smaas_at_newsgroups.nospam: "Best Practice - Builtin\Administrators SQL account - I'm confused"
- Previous message: Peter Newman: "Re: Advice on connection isssues"
- In reply to: Mike Epprecht \(SQL MVP\): "Re: Best Practice - xp_cmdshell question"
- Next in thread: Dan Guzman: "Re: Best Practice - xp_cmdshell question"
- Reply: Dan Guzman: "Re: Best Practice - xp_cmdshell question"
- Reply: Andrew J. Kelly: "Re: Best Practice - xp_cmdshell question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 12 Nov 2004 15:27:05 -0800
Mike,
Thanks for answering. I read the overview of Notification Services, and I'm
not seeing how it could help us resolve this particular issue, but perhaps I
need to clarify a bit.
The table the trigger runs on is a "tag print" table. Whenever users
receive product, they use an application that writes to this table, "tagging"
the product with a tag code and also storing relevant information such as
item #, etc. From there, these tags need to be printed, so the trigger pulls
together the information from the inserted record plus formatting for the
barcode program we use, and it then uses xp_cmdshell to run a VB executable
that creates a file with a title that looks to be a combination of date and
time and the contents of the file are those assembled in the trigger.
Looking at the files created, I'm not sure why we really need the VB program
if we can have SQL Server write this file itself in some way that would not
need to use xp_cmdshell. Do you have any suggestions?
"Mike Epprecht (SQL MVP)" wrote:
> Hi
>
> The only way is using xp_cmdshell, but having a trigger (and its associated
> locks) wait on a batch file is really suicide. If the batch fails, the
> trigger rolls back the data.
>
> Notification Services might be a possible way to get this out of your
> trigger. http://www.microsoft.com/sql/ns/default.asp
>
> Slap the 3rd party for their terrible understanding of what SQL Server's
> function is.
>
> Regards
> --------------------------------
> Mike Epprecht, Microsoft SQL Server MVP
> Zurich, Switzerland
>
> IM: mike@epprecht.net
>
> MVP Program: http://www.microsoft.com/mvp
>
> Blog: http://www.msmvps.com/epprecht/
>
> "smaas@newsgroups.nospam" <smaasnewsgroupsnospam@discussions.microsoft.com>
> wrote in message news:467505F1-3DC5-4D0B-ACE4-B0C80EDD8F7B@microsoft.com...
> > I would like to follow the Microsoft suggested best practice of removing
> > execute permissions on xp_cmdshell to non-sysadmin users. Currently, we
> are
> > allowing an account to run xp_cmdshell due to a trigger written by a 3rd
> > party that executes a batch file. Are there any alternative ways of
> > executing the batch file from the trigger that do not require xp_cmdshell?
>
>
>
- Next message: smaas_at_newsgroups.nospam: "Best Practice - Builtin\Administrators SQL account - I'm confused"
- Previous message: Peter Newman: "Re: Advice on connection isssues"
- In reply to: Mike Epprecht \(SQL MVP\): "Re: Best Practice - xp_cmdshell question"
- Next in thread: Dan Guzman: "Re: Best Practice - xp_cmdshell question"
- Reply: Dan Guzman: "Re: Best Practice - xp_cmdshell question"
- Reply: Andrew J. Kelly: "Re: Best Practice - xp_cmdshell question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
