ITPub Blog

SQL Server xp_cmdshell

Original post, category: Linux Operating Systems. Author: sanxiagirl. Date: 2009-04-09 14:49:31

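The xp_cmdshell extended stored procedure executes a command string as an operating-system command shell and returns all output as rows of text. Because xp_cmdshell can execute any operating-system command, once a SQL Server administrator account (such as sa) is compromised, an attacker can use xp_cmdshell to run operating-system commands through SQL Server, for example to create a system administrator, which means the highest privileges on the system are in someone else's hands. Because of this security risk, xp_cmdshell is turned off by default in SQL Server 2005.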

   If you don't have a need to use xp_cmdshell, then don't enable it. But if you have a need for it, then you must manually enable it. There are two different ways to enable xp_cmdshell in SQL Server 2005. You can turn it on using the SQL Server 2005 Surface Area Configuration tool, or you can use the sp_configure command.

   To turn on xp_cmdshell using the SQL Server 2005 Surface Area Configuration tool, follow these steps:

1) From Start --> Programs, select the Microsoft SQL Server 2005 program group and launch the Surface Area Configuration tool, which is found under the SQL Server 2005 Configuration Tools in the SQL Server 2005 menus.

2) Once the Surface Area Configuration tool has launched, select "Surface Area Configuration for Features".

3) Next, click on xp_cmdshell in the tree menu at the left, then click on "Enable xp_cmdshell", and then click on "Apply." xp_cmdshell is now enabled.

   If you want to enable xp_cmdshell using sp_configure instead of using the Surface Area Configuration tool, run the following script in Management Studio:

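-- xp_cmdshell is an advanced option, so expose advanced options first
EXEC sp_configure 'show advanced options',1
GO
RECONFIGURE WITH OVERRIDE
GO
-- The option name uses an underscore: xp_cmdshell
EXEC sp_configure 'xp_cmdshell', 1
GO
RECONFIGURE WITH OVERRIDE
GO
-- Hide advanced options again
EXEC sp_configure 'show advanced options',0
GO
RECONFIGURE WITH OVERRIDE
GO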

If you are upgrading from SQL Server 2000 to SQL Server 2005, the Upgrade Advisor will advise you to check whether or not you are using xp_cmdshell in SQL Server 2000, and then suggest that you enable it if it is still needed after the upgrade to SQL Server 2005.

You can only do it that way in SQL Server 2005 and SQL Server 2008.
In SQL Server 2000, it is always "on".
You can control access to it through permissions, for example by revoking permission to execute it from public.
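
To check where an instance stands, the following T-SQL audits the xp_cmdshell setting and the principals able to use it, then turns the feature off. It is an added example, not part of the original post; it assumes SQL Server 2005 or later (it relies on the sys.* catalog views) and a login allowed to read server metadata and run RECONFIGURE.

```sql
-- Added example: audit and disable xp_cmdshell (assumes SQL Server 2005+).
USE master;
GO

-- 1. Is the feature enabled? value = configured, value_in_use = running.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';
GO

-- 2. Explicit GRANT/DENY entries on the procedure (e.g. EXECUTE to public).
SELECT pr.name AS grantee, pr.type_desc,
       dp.permission_name, dp.state_desc
FROM sys.database_permissions AS dp
JOIN sys.all_objects AS o
  ON o.object_id = dp.major_id
JOIN sys.database_principals AS pr
  ON pr.principal_id = dp.grantee_principal_id
WHERE dp.class = 1              -- object-level permission
  AND o.name = 'xp_cmdshell';
GO

-- 3. Members of sysadmin can run it whenever it is enabled,
--    regardless of the grants listed in step 2.
SELECT m.name AS sysadmin_member, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r
  ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m
  ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';
GO

-- 4. If nothing on the server needs it, turn it off again.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
GO
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
GO
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
GO
```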

Source: ITPUB Blog, link: http://blog.itpub.net/10640532/viewspace-586862/. If you repost this article, please credit the source; otherwise legal liability will be pursued.
