
Use of xp_cmdshell in the DBAmp Stored Procedures

I've seen the prior posts in the forum that begin to bring up this issue, but my manager and our DBA team have asked that I post and follow up on this issue.

They are concerned about the security vulnerability that utilizing the xp_cmdshell stored procedure has that would allow someone to basically run any command on the server they want. Their goal is to disable the use of xp_cmdshell in SQL Server to close that security risk.
However, 10 of the Stored Procedures for DBAmp utilize xp_cmdshell, and while you offer an alternative for SF_Replicate with SF_Replicate3, that alone will not solve our issues as we still won't be able to use SF_ReplicateAll, SF_Refresh or SF_BulkOps, all of which are utilizing it, either directly or by calling the Stored Procedures that do.

What are ForceAmp's plans, if any, on moving away from the use of the xp_cmdshell procedure for the future?
If there are not plans to do so, can you please provide your reasoning for not doing so and if there are possible workarounds we can utilize?

xp_cmdshell in the DBAmp Stored Procs:

SF_Replicate: Ln 171
SF_BulkOps: Line 169
SF_BulkSOQL: Line 172
SF_DownloadBlobs: Line 135
SF_Metadata: Line 90
SF_Refresh: Line 355
SF_ReplicateIAD: Line 226
SF_ReplicateLarge: Line 348
SF_TableLoader: Line 227
SF_UploadFile: Line 48
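An inventory like the one in the post above can be reproduced, together with the instance's current xp_cmdshell exposure, with catalog queries. This is an added example, not part of the original post and not ForceAmp code; it assumes it is run in the database where the DBAmp procedures are installed, by a login that can view their definitions and read the master catalog views.

```sql
-- Added example: audit xp_cmdshell state and usage before disabling it.

-- 1. Is xp_cmdshell currently enabled on the instance?
SELECT name, value AS configured_value, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. Which modules in this database reference xp_cmdshell?
--    definition is NULL for modules created WITH ENCRYPTION, so those
--    are reported separately instead of being silently skipped.
SELECT SCHEMA_NAME(o.schema_id) AS schema_name,
       o.name                   AS module_name,
       o.type_desc,
       CASE WHEN m.definition IS NULL
            THEN 'encrypted, cannot inspect'
            ELSE 'references xp_cmdshell'
       END                      AS finding
FROM sys.sql_modules AS m
JOIN sys.objects     AS o ON o.object_id = m.object_id
WHERE m.definition LIKE N'%xp[_]cmdshell%'   -- [_] matches a literal underscore
   OR m.definition IS NULL
ORDER BY schema_name, module_name;

-- 3. Which principals have an explicit permission on xp_cmdshell?
--    (sysadmin members can always run it and do not appear here.)
SELECT pr.name AS principal_name, pr.type_desc,
       pe.permission_name, pe.state_desc
FROM master.sys.database_permissions AS pe
JOIN master.sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND pe.major_id = OBJECT_ID(N'master.sys.xp_cmdshell');

-- 4. Is a proxy account configured for non-sysadmin callers?
SELECT name, credential_identity, create_date
FROM sys.credentials
WHERE name = N'##xp_cmdshell_proxy_account##';
```

Query 2 finds only direct references in each module's text; procedures that reach xp_cmdshell by calling another listed procedure have to be traced from those results.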