什么是sql server中的外部过程xp_cmdshell？ [英] What exactly is external procedure xp_cmdshell in sql server?

问题描述

sql server中外部程序xp_cmdshell究竟是什么？

我想知道为什么它被认为是危险的！

解决方案

< blockquote>您可以在服务器上执行操作系统级命令。

它本身并不危险。但是如果数据库或服务器没有得到很好的保护，如果安全设置中存在泄漏，攻击者就可以访问操作系统本身，这就是危险的。

所以你需要要非常小心。以下是您应该在本主题中阅读的一些非常好的文章：

- http://thinkingeek.com/2008/11/13/controlling-the-commands-executed-with-xp_cmdshell-on-sql-server-2005/ [ ^ ]

- http://blogs.msdn.com/b/sqlsecurity/archive/2008/01/10/xp-cmdshell.aspx [ ^ ]

但如果可以避免使用它

What exactly is external procedure xp_cmdshell in sql server?
I wanna know why it''s said to be dangerous!!

解决方案

You can execute OS level commands on the server.
It is not dangerous on it''s own. But if the a database or a server is not well protected, if there are leaks in the security settings, an attacker can access the operating system itself, and that''s the danged.
So you need to be extremely careful. Here are some really good articles you should read in this topic:
- http://thinkingeek.com/2008/11/13/controlling-the-commands-executed-with-xp_cmdshell-on-sql-server-2005/[^]
- http://blogs.msdn.com/b/sqlsecurity/archive/2008/01/10/xp-cmdshell.aspx[^]
But if you can avoid using it.

这篇关于什么是sql server中的外部过程xp_cmdshell？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！