Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

webappsec logo WebApp Sec mailing list archives

CLR Stored Procedures
From: nitin patel <kota_44 () yahoo com>
Date: Sun, 9 Oct 2005 00:18:01 -0700 (PDT)
Hi , 

Got a doubt regarding new feature in SQL 2005 .

Security wise genrally we discourage use of powerfull
stored procedures like xp_cmdshell from our 
stored Procedure code and drop them if they are not
requierd .
If it all they are requierd it is recommended to have
access check on those stored procs calling these
powerfull SP's.

In Sql 2005 one can write CLR stored procedures and
produce same functionallity as xp_cmdshell.

My Doubts - 

1) Security wise which one should be preferred ( CLR
or XP_) and why? 

2) In case of using CLR stored procedures what are 
   security pros and cons .


From what i found it gives more control but is that

controll good enough to recommend it as a secure
alternative .

Thanks in Advance 
Nitin
 





                
__________________________________ 
Start your day with Yahoo! - Make it your home page! 
http://www.yahoo.com/r/hs

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]