What are the risks of running an exe on an sql trigger? This is a closed server, intranet only, with limited user access to the server where the script runs from and the SQL server connection.
I store outgoing emails temporarily in a table in my database system. These are then sent out via a trigger that runs and exe. The exe simply pulls the to, from, subject, cc, and body from the DB and send the email via CDO.
I have to use an outside method of sending emails instead of simply sending from code-behind in order to avoid slwodown on the website. I asked regarding this specific issue in another post, but asking about exec risks seemed like a seperate issue. Direct any alternatives to the related post.
Related post Email from web without tying up webpage
If it’s a closed server and the .exe is known, I don’t see that there would be much risk if any. The only risk I could see would be if someone changed your exe for something else that would then be triggered, but that seems unlikely given the scenario you described.
We had a similar situation several years ago where we had a vendor whose product was updated via a control program. We had a trigger that hit the control program each time a user was added to the sql database, and the control program would then signal its service to add the user there as well. Never had a real problem with it.