July 19, 2017 at 10:58 am
Ed Wagner - Wednesday, July 19, 2017 10:42 AMjasona.work - Wednesday, July 19, 2017 10:38 AMjasona.work - Wednesday, July 19, 2017 10:36 AMMynd you, møøse bites Kan be pretti nastiWe apologise again for the fault in the subtitles. Those responsible for sacking the people who have just been sacked have been sacked.
My compliments on the Monty Python reference. It was very well done.
😀
Another forum I used to be part of (related to a PC game,) people would throw around Monty Python references like confetti in their water cooler topic...
It was the first thing that came to mind when I read Gails "correction" to Steve's post about the developers...
July 19, 2017 at 11:04 am
jasona.work - Wednesday, July 19, 2017 10:35 AMThose responsible have been sacked
Better not be. These were some of the few people that got things done.
July 19, 2017 at 12:10 pm
Ed Wagner - Tuesday, July 18, 2017 1:30 PMBrandie, kudos for asking the question. Three of 15 is 20%, which, given Jeff's observations, isn't horrible. I know that sets the bar pretty low, but asking such a simple question can really save you time. It says a lot about the person claiming to have 10 years of experience. Or is that an aggregate that really means "1 month of experience 120 consecutive times" or something similar? 😉
It's more like 1 day x 3650 consecutive times...
Wayne
Microsoft Certified Master: SQL Server 2008
Author - SQL Server T-SQL Recipes
July 19, 2017 at 12:27 pm
Phil Parkin - Wednesday, July 19, 2017 8:49 AMIs this cheating?
EXEC sys.xp_cmdshell 'date /t';
EXEC sys.xp_cmdshell 'time /t';
Nope. It's inventive.
But what would you say in an interview if I told you xp_cmdshell had been blocked / disabled?
July 19, 2017 at 12:27 pm
WayneS - Wednesday, July 19, 2017 12:10 PMEd Wagner - Tuesday, July 18, 2017 1:30 PMBrandie, kudos for asking the question. Three of 15 is 20%, which, given Jeff's observations, isn't horrible. I know that sets the bar pretty low, but asking such a simple question can really save you time. It says a lot about the person claiming to have 10 years of experience. Or is that an aggregate that really means "1 month of experience 120 consecutive times" or something similar? 😉It's more like 1 day x 3650 consecutive times...
Did you account for leap year?
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
July 19, 2017 at 12:31 pm
Brandie Tarvin - Wednesday, July 19, 2017 12:27 PMPhil Parkin - Wednesday, July 19, 2017 8:49 AMIs this cheating?
EXEC sys.xp_cmdshell 'date /t';
EXEC sys.xp_cmdshell 'time /t';Nope. It's inventive.
It's old-fashioned. Make a PowerShell called to Get-Date. That's the correct answer. What do I win?
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
July 19, 2017 at 12:32 pm
Ed Wagner - Wednesday, July 19, 2017 10:43 AMAnd in other news, a new vulnerability in IoT has been found.http://thehackernews.com/2017/07/gsoap-iot-device-hacking.html
YIKES! Makes me glad I'm playing the luddite lately when it comes to connected items for the home.
July 19, 2017 at 1:01 pm
Brandie Tarvin - Wednesday, July 19, 2017 12:27 PMPhil Parkin - Wednesday, July 19, 2017 8:49 AMIs this cheating?
EXEC sys.xp_cmdshell 'date /t';
EXEC sys.xp_cmdshell 'time /t';Nope. It's inventive.
But what would you say in an interview if I told you xp_cmdshell had been blocked / disabled?
At that point, I would come clean and state that if it's safe enough for world-renowned DBA Jeff Moden, it's safe enough for me 🙂 And therefore that I'd like to further understand the reasons for blocking it.
The absence of evidence is not evidence of absence.
Martin Rees
You can lead a horse to water, but a pencil must be lead.
Stan Laurel
July 19, 2017 at 1:24 pm
Grant Fritchey - Wednesday, July 19, 2017 12:31 PMBrandie Tarvin - Wednesday, July 19, 2017 12:27 PMPhil Parkin - Wednesday, July 19, 2017 8:49 AMIs this cheating?
EXEC sys.xp_cmdshell 'date /t';
EXEC sys.xp_cmdshell 'time /t';Nope. It's inventive.
It's old-fashioned. Make a PowerShell called to Get-Date. That's the correct answer. What do I win?
A free one way trip to the Tower of Babel. 😉
--Jeff Moden
Change is inevitable... Change for the better is not.
July 19, 2017 at 1:27 pm
Phil Parkin - Wednesday, July 19, 2017 1:01 PMBrandie Tarvin - Wednesday, July 19, 2017 12:27 PMPhil Parkin - Wednesday, July 19, 2017 8:49 AMIs this cheating?
EXEC sys.xp_cmdshell 'date /t';
EXEC sys.xp_cmdshell 'time /t';Nope. It's inventive.
But what would you say in an interview if I told you xp_cmdshell had been blocked / disabled?
At that point, I would come clean and state that if it's safe enough for world-renowned DBA Jeff Moden, it's safe enough for me 🙂 And therefore that I'd like to further understand the reasons for blocking it.
That would be when I break out my hour long presentation on why NOT enabling using xp_CmdShell could be considered a worst practice. 😉
--Jeff Moden
Change is inevitable... Change for the better is not.
July 19, 2017 at 1:33 pm
Jeff Moden - Wednesday, July 19, 2017 1:27 PMPhil Parkin - Wednesday, July 19, 2017 1:01 PMBrandie Tarvin - Wednesday, July 19, 2017 12:27 PMPhil Parkin - Wednesday, July 19, 2017 8:49 AMIs this cheating?
EXEC sys.xp_cmdshell 'date /t';
EXEC sys.xp_cmdshell 'time /t';Nope. It's inventive.
But what would you say in an interview if I told you xp_cmdshell had been blocked / disabled?
At that point, I would come clean and state that if it's safe enough for world-renowned DBA Jeff Moden, it's safe enough for me 🙂 And therefore that I'd like to further understand the reasons for blocking it.
That would be when I break out my hour long presentation on why enabling using xp_CmdShell could be considered a worst practice. 😉
And yet you advocate for its use, albeit when properly configured and used in a controlled manner.
😀
July 19, 2017 at 1:44 pm
Phil Parkin - Wednesday, July 19, 2017 8:49 AMIs this cheating?
EXEC sys.xp_cmdshell 'date /t';
EXEC sys.xp_cmdshell 'time /t';
You know, that could be streamlined to:
EXEC sys.xp_cmdshell 'net time \\localhost'
July 19, 2017 at 1:51 pm
Lynn Pettis - Wednesday, July 19, 2017 1:33 PMJeff Moden - Wednesday, July 19, 2017 1:27 PMPhil Parkin - Wednesday, July 19, 2017 1:01 PMBrandie Tarvin - Wednesday, July 19, 2017 12:27 PMPhil Parkin - Wednesday, July 19, 2017 8:49 AMIs this cheating?
EXEC sys.xp_cmdshell 'date /t';
EXEC sys.xp_cmdshell 'time /t';Nope. It's inventive.
But what would you say in an interview if I told you xp_cmdshell had been blocked / disabled?
At that point, I would come clean and state that if it's safe enough for world-renowned DBA Jeff Moden, it's safe enough for me 🙂 And therefore that I'd like to further understand the reasons for blocking it.
That would be when I break out my hour long presentation on why enabling using xp_CmdShell could be considered a worst practice. 😉
And yet you advocate for its use, albeit when properly configured and used in a controlled manner.
😀
I think Jeff probably meant to say that disabling it could be considered a worst practice. I've seen the presentation and it's a very logical progression that goes at it from many angles.
July 19, 2017 at 1:53 pm
Jeff Moden - Wednesday, July 19, 2017 1:24 PMGrant Fritchey - Wednesday, July 19, 2017 12:31 PMBrandie Tarvin - Wednesday, July 19, 2017 12:27 PMPhil Parkin - Wednesday, July 19, 2017 8:49 AMIs this cheating?
EXEC sys.xp_cmdshell 'date /t';
EXEC sys.xp_cmdshell 'time /t';Nope. It's inventive.
It's old-fashioned. Make a PowerShell called to Get-Date. That's the correct answer. What do I win?
A free one way trip to the Tower of Babel. 😉
Jeff, you realize that Grant probably posted that comment just for you...right? He might be on the floor laughing right now. 😀:hehe:
July 19, 2017 at 3:13 pm
Phil Parkin - Wednesday, July 19, 2017 8:49 AMIs this cheating?
EXEC sys.xp_cmdshell 'date /t';
EXEC sys.xp_cmdshell 'time /t';
What happens if command extensions are off? I imagine it would be some error pointing out that "EXEC sys.xp_cmdshell 'time /t';" isn't a valid time, so it wouldn't return get the current time, but I haven't tested it..
Tom
Viewing 15 posts - 59,341 through 59,355 (of 66,738 total)
You must be logged in to reply to this topic. Login to reply