This stems from an earlier SO question.
If you are having to perform actions on the file system, are you usually better off writing an application to handle those actions and making calls to SQL Server from that app? In what situations is using xp_cmdshell a good idea?
It is just another tool to be used. As with all tools, use it when it fits. Some people may have very strong opinions one way or another, but at the end of the day, it is there.
SQL Server 2005 introduced sp_xp_cmdshell_proxy_account, which alleviates the issue somewhat with privileges, so it becomes more useful.
Consider the powder-keg question: Is it generally bad to allow people to carry guns (guns being dangerous being the correlation)? Cue arguments…
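The proxy-account setup mentioned in the answer above, followed by the audit queries a DBA would run to see who can reach xp_cmdshell and under which Windows identity. This is an added example, not part of the original post; `CONTOSO\svc_xpcmd`, `app_batch` and the password placeholder are assumed names, and the login `app_batch` is assumed to exist already.

```sql
-- Added example. Placeholders (not from the original post):
--   CONTOSO\svc_xpcmd : low-privilege Windows account used as the proxy
--   app_batch         : existing non-sysadmin SQL Server login
USE master;
GO
-- xp_cmdshell is disabled by default; enabling it is an instance-wide change.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 1;
RECONFIGURE;
GO
-- Store the Windows credential that non-sysadmin callers will run as.
-- This creates the credential named ##xp_cmdshell_proxy_account##.
EXEC sp_xp_cmdshell_proxy_account N'CONTOSO\svc_xpcmd', N'<password-placeholder>';
GO
-- A non-sysadmin caller needs a user in master and EXECUTE on the procedure.
CREATE USER app_batch FOR LOGIN app_batch;
GRANT EXECUTE ON xp_cmdshell TO app_batch;
GO

-- Audit 1: is xp_cmdshell currently enabled?
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- Audit 2: which Windows account backs the proxy, and when was it last changed?
SELECT name, credential_identity, modify_date
FROM sys.credentials
WHERE name = N'##xp_cmdshell_proxy_account##';

-- Audit 3: which principals in master hold an explicit EXECUTE grant?
SELECT pr.name, pr.type_desc, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND pe.major_id = OBJECT_ID(N'xp_cmdshell')
  AND pe.permission_name = N'EXECUTE';

-- Audit 4: confirm the effective Windows identity for the non-sysadmin login.
EXECUTE AS LOGIN = N'app_batch';
EXEC xp_cmdshell 'whoami';
REVERT;
```

Members of the sysadmin role do not use the proxy: their xp_cmdshell calls run as the SQL Server service account, and they do not appear in audit 3 because they need no explicit grant.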