SharePoint SLK and T-SQL xp_cmdshell safety
- by Mitchell Skurnik
I am looking into a TSQL command called "xp_cmdshell" to use to monitor a change to a the SLK (SharePoint Learning Kit) database and then execute a batch or PowerShell script that will trigger some events that I need. (It is bad practice to modify SharePoint's database directly, so I will be using its API)
I have been reading on various blogs and MSDN that there are some security concerns with this approach. The sites suggest that you limit security so the command can be executed by only a specific user role.
What other tips/suggestions would you recommend with using "xp_cmdshell"?
Or should I go about this another way and create a script or console application that constantly checks if a change has been made?
I am running Server 2008 with SQL 2008.