We were recently audited and asked to get rid of the following XPs:
xp_cmdshell
xp_regaddmultistring
xp_regdeletevalue
xp_regenumvalues
xp_regread
xp_regremovemultistring
xp_regwrite
But we found a possible problem with xp_regread and received the following
error messages:
Server: Msg 2812, Level 16, State 62, Line 52
Could not find stored procedure 'master.dbo.xp_regread '.
Server: Msg 3165, Level 16, State 1, Line 2
Could not adjust the replication state of database 'DBName'. The database
was successfully restored,
Now the database did restore and seems to be fine, and as we don't use
replication right now, I don't see the harm anyway. However, I'm curious to
know if deleting these XPs will have other effects other than this one, and
whether or not any of you guys would know of good reasons not to do what the
auditors have asked, namely delete the above-mentioned XPs.
Thanks.
Michael MacGregor
Database Architect

Hi Michael,
As to your problem with xp_regread, have you tried to run a sp_help on
it? If it produces no entry when passed to sp_help (e.g. exec sp_help
@objname = 'xp_regread') then there might be some trouble.
Will you be using replication at any point in the future (sorry, I know
it's sometimes hard to say whether you will or will not be doing
something in the future)? These extended stored procedures are mainly
called by the system stored procs that are used for replication so if
you remove them, replication will be hard to do.
You can view what stored procs have dependencies on the ones you want
to delete by using Enterprise Manager/Management Studio. I would
consider having a look through what procs are dependent on those you
want to delete and see if you can live without them or not.
Also, I trust that if/when you delete these extended stored procs you
have/will delete the stored procedures that are dependent on them?
All that being said, I have found xp_cmdshell a useful thing in the
past. It's not something I use regularly but it can be handy for things
like moving/deleting files, calling batch scripts and bcp from T-SQL
etc. Like I said, I don't use it often but I'm glad it's there when I
need it.
Also, most of those stored procs aren't accessible by non-admins unless
the permissions have been explicitly granted to them. I believe that
the only exception is xp_regread but some would consider being able to
read the registry quite harmless depending on what is stored in there,
of course.
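
The checks discussed in the reply above (which of the audited XPs still exist, who has been granted permissions on them, and which procedures reference them), as an added example that is not part of either post. It is read-only and assumes the SQL Server 2005 or later catalog views, run in master by a sysadmin; the text search for references is a heuristic, not a true dependency list.

```sql
USE master;

-- XPs named in the audit request (list taken from the question above).
DECLARE @xps TABLE (name sysname PRIMARY KEY);
INSERT INTO @xps (name)
SELECT 'xp_cmdshell'             UNION ALL
SELECT 'xp_regaddmultistring'    UNION ALL
SELECT 'xp_regdeletevalue'       UNION ALL
SELECT 'xp_regenumvalues'        UNION ALL
SELECT 'xp_regread'              UNION ALL
SELECT 'xp_regremovemultistring' UNION ALL
SELECT 'xp_regwrite';

-- 1. Which of the audited XPs are still registered (type 'X' = extended proc).
SELECT x.name,
       CASE WHEN o.object_id IS NULL THEN 'missing' ELSE 'present' END AS status
FROM @xps AS x
LEFT JOIN sys.all_objects AS o
       ON o.name COLLATE DATABASE_DEFAULT = x.name COLLATE DATABASE_DEFAULT
      AND o.type = 'X'
ORDER BY x.name;

-- 2. Explicit permissions on them; a row with grantee 'public' means every
--    login mapped into master can call that XP.
SELECT x.name, pr.name AS grantee, pe.permission_name, pe.state_desc
FROM @xps AS x
JOIN sys.all_objects AS o
       ON o.name COLLATE DATABASE_DEFAULT = x.name COLLATE DATABASE_DEFAULT
      AND o.type = 'X'
JOIN sys.database_permissions AS pe
       ON pe.class = 1 AND pe.major_id = o.object_id
JOIN sys.database_principals AS pr
       ON pr.principal_id = pe.grantee_principal_id
ORDER BY x.name, grantee;

-- 3. Modules (system procs included) whose source text mentions one of the XPs.
--    '_' is a LIKE wildcard, so this can over-match slightly; review the hits.
SELECT DISTINCT x.name AS xp,
       SCHEMA_NAME(o.schema_id) AS referencing_schema,
       o.name AS referencing_object
FROM @xps AS x
JOIN sys.all_sql_modules AS m
       ON m.definition COLLATE DATABASE_DEFAULT
          LIKE '%' + x.name COLLATE DATABASE_DEFAULT + '%'
JOIN sys.all_objects AS o ON o.object_id = m.object_id
ORDER BY xp, referencing_schema, referencing_object;
```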