IIRC it is possible to execute shell commands in SQL server, is this the
case?
I intend to give public access to a test server (MSDE). My main concern is
that people could use SQLServer shell commands as a back door to hack my
operating system.
I'm not too concerned at this stage about securing the data though, since it
is only for testing & debugging.
Please advise, many thanks.
--
Mike Collier BSc( Hons) Comp Sci
Offer: Get a copy of AdoAnywhere Browser FREE when you register for the
forum.
http://www.adoanywhere.com/forumlook up xp_cmdshell in BOL, do not use an SA level account for your web
service accounts
Ray Higdon MCSE, MCDBA, CCNA
--
"Mike Collier" <mike@.adoanywhere.com> wrote in message
news:Om0r3jh3DHA.2888@.tk2msftngp13.phx.gbl...
quote:
> Hi,
> IIRC it is possible to execute shell commands in SQL server, is this the
> case?
> I intend to give public access to a test server (MSDE). My main concern is
> that people could use SQLServer shell commands as a back door to hack my
> operating system.
> I'm not too concerned at this stage about securing the data though, since
it
quote:|||> look up xp_cmdshell in BOL, do not use an SA level account for your web
> is only for testing & debugging.
> Please advise, many thanks.
> --
> Mike Collier BSc( Hons) Comp Sci
> Offer: Get a copy of AdoAnywhere Browser FREE when you register for the
> forum.
> http://www.adoanywhere.com/forum
>
>
quote:
> service accounts
Thank you, very much appreciated.
Mike.
No comments:
Post a Comment