Controlling the commands executed with xp_cmdshell on SQL Server 2005

SQL Server has a special extended stored procedure called xp_cmdshell. This procedure has a lot of power: it allows to execute any command line code on the machine hosting the SQL Server.

Imagine you want to list all the files on C: on the SQL Server Windows host: you could write a T-SQL statement like this one:

EXECUTE master..xp_cmdshell 'dir c:'

This stored procedure, however, is a very dangerous one, as it would allow to execute harmful code. This is the reason why it’s disabled by default. Even when enabled, only users on the sysadmin role can use it.

If you ever need some users the ability to run only some specific commands with xp_cmdshell, you can use the method I’ll explain below, making use of the EXECUTE AS modifier of the stored procedure definitions in T-SQL.

Read the rest of this entry »

November 13th, 2008 | tags: security, sql server | No Comments

Repeatable read and deadlocks in SQL Server

This week we had a bug report of one of our products regarding some strange deadlocks in our database access. For those of you who don’t know what a deadlock is, I’ll try to summarize here what a transaction is in a relational database environment and why those transactions might lead to those nasty errors, and try to explain what was causing this deadlock in our SQL Server 2005 engine.

Read the rest of this entry »

September 23rd, 2007 | tags: sql server, tips and tricks | No Comments

M	T	W	T	F	S	S
« Oct
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Think In GeekIn geek we trust

Controlling the commands executed with xp_cmdshell on SQL Server 2005

Repeatable read and deadlocks in SQL Server

Calendar

Recent Posts

Recent Comments

Tags

Archives