WebApp Sec mailing list archives
CLR Stored Procedures
From: nitin patel <kota_44 () yahoo com>
Date: Sun, 9 Oct 2005 00:18:01 -0700 (PDT)
Hi , Got a doubt regarding new feature in SQL 2005 . Security wise genrally we discourage use of powerfull stored procedures like xp_cmdshell from our stored Procedure code and drop them if they are not requierd . If it all they are requierd it is recommended to have access check on those stored procs calling these powerfull SP's. In Sql 2005 one can write CLR stored procedures and produce same functionallity as xp_cmdshell. My Doubts - 1) Security wise which one should be preferred ( CLR or XP_) and why? 2) In case of using CLR stored procedures what are security pros and cons .
From what i found it gives more control but is that
controll good enough to recommend it as a secure alternative . Thanks in Advance Nitin __________________________________ Start your day with Yahoo! - Make it your home page! http://www.yahoo.com/r/hs
Current thread:
- CLR Stored Procedures nitin patel (Oct 09)
- Re: CLR Stored Procedures bryan allott (Oct 09)