XP_CMDSHELL - Secuirty Concerns???
Posted on 2006-07-17
I have a question regarding xp_cmdshell
For some reason our production database and the data managment work database is on the same server (bad maagement)
I have been given the task of improving current data management processes
I want to use the xp_cmdshell command to use simple commands for managing files (ie: rename, move, copy delete, dir, etc)
Because of security issues we do not have access to this sp xp_cmdshell on the master database.
As a work around is it possible to put the xp_cmdshell in sp with the command that I want to use (ie: rename, move, copy delete, dir, etc) and give certain permissons on the sp to run that xp_cmdshell comand.
So the final result would be that if xp_cmdshell was run separtely we would still get permission not granted to run that sp, but the new sp ie: sp_CopyFile would have permission with the xp_cmdshell command in it that we want to run.