This editorial was originally published on 16 Sep 2016. It is being republished as Steve is on holiday, but if you have changed your mind, leave a comment in the discussion.
Securing a computer is a challenge. There are all sorts of potential issues in every platform, and ensuring safety for your data can be less a reflection of your ability and more the good fortune that there isn't a focused effort to attack your systems. However, we certainly also face issues with inside users, many of whom may make mistakes that are accidental more than malicious. It's for these reasons that we look for secure-by-default applications and a reduced surface area for any system.
Many people refuse to turn on xp_cmdshell as an option for scripting in SQL Server. It is disabled by default, and quite a few DBAs are glad of this setting. However, there are plenty of people who think xp_cmdshell isn't a big security risk. There are certainly ways to mitigate the usage by non-privileged users, and this can be a tool that is very handy for accomplishing work without a lot of development time.
This week, as security issues become more important to us all, I'm curious how you feel.
Do you think xp_cmdshell is dangerous?
I have to admit that I'm torn. I don't think this is inherently dangerous. It does open up some attack vectors, but the last few versions of SQL Server have allowed some limitations, so I would enable this if needed to solve some issues without too many concerns. However, I wonder if many of you feel the same way.