xp_cmdshell lets SQL Server run OS commands. That’s powerful (and dangerous.) It expands the blast radius of a SQL compromise. In most shops, it should be disabled, with rare, auditable exceptions and safer substitutes for routine admin tasks. Lets unpack that here – and visit our sp_CheckSecurity page to learn about our free SQL Server … Read more
This post is part of our SQL Server security blog series, 30 SQL Server Security Checks in 30 Days. We’re publishing a new security check every day in the month of June. Visit our sp_CheckSecurity page to learn about our free SQL Server tool you can download and run to check your own server. It’s … Read more
This post is part of our SQL Server security blog series, 30 SQL Server Security Checks in 30 Days. We’re publishing a new security check every day in the month of June. Visit our sp_CheckSecurity page to learn about our free SQL Server tool you can download and run to check your own server. Based … Read more