SQL Server中的cmd_shell組件功能強(qiáng)大,幾乎可通過該組建實(shí)現(xiàn)Windows系統(tǒng)的所有功能,正因此,這個(gè)組件也是SQL Server的最大安全隱患。SQL Server 2000中這個(gè)組件是默認(rèn)開啟的,而SQL Server 2005中這個(gè)組件默認(rèn)作為此服務(wù)器安全配置的一部分而被關(guān)閉。有時(shí)我們需要用到該組件,開啟此組件的相關(guān)語(yǔ)句如下:
--To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
--To update the currently configured value for advanced options.
RECONFIGURE
GO -- To enable the feature.
EXEC sp_configure 'xp_cmdshell', 1
GO
--To update the currently configured value for this feature.
RECONFIGURE
GO
--To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
--To update the currently configured value for advanced options.
RECONFIGURE
GO -- To enable the feature.
EXEC sp_configure 'xp_cmdshell', 0
GO
--To update the currently configured value for this feature.
RECONFIGURE
GO