From: Mark Lawrence
To: python-list@python.org
Subject: Re: To whoever hacked into my Database
Date: Thu, 07 Nov 2013 18:11:06 +0000
Newsgroups: comp.lang.python

On 07/11/2013 17:42, Νίκος Αλεξόπουλος wrote:
> On 7/11/2013 6:34 pm, Mark Lawrence wrote:
>> On 07/11/2013 13:47, Νίκος Αλεξόπουλος wrote:
>>> On 7/11/2013 11:31 am, Ferrous Cranus wrote:
>>>> On Thursday, 7 November 2013 11:15:02 AM UTC+2, user Steve
>>>> Simmons wrote:
>>>>
>>>>> Please tell me you aren't storing details of customers and payments
>>>>> on your Web server.
>>>>
>>>>
>>>> Oh but I do!
>>>> I need this information to be accessible ONLY FOR ME via my website
>>>> 'http://superhost.gr'. I just need to secure it more tightly.
>>>>
>>>
>>> I think I have made it.
>>>
>>> The hacker didn't manage to mess again with either of my counters or
>>> clients databases.
>>>
>>> Too bad! I thought 'she' was better than that!
>>
>> She's just biding her time so as to cause you maximum pain!!!
>>
>
>
> Bring it on baby!
>
> I like this challenge because it makes me improve on overall Python
> script security (most of it being securing user input data before
> actually performing database queries).

Yeah right. You can't build a house until you've got the foundations right, so how can you improve on something when you know absolutely nothing about it in the first place?

>
> I also understand that in my attempt to get help with my code I provided
> "too much of it" which was successfully utilized by the hacker to attack
> my website!
>
> You didn't answer me though!
> Is the hacker really a female?
> And if she is, is she pretty? :)

That's for me to know and for you to find out. Actually I'll assume that you'll never find out as I'd guess that your detective skills are on a par with your computing skills, i.e. nonexistent.

--
Python is the second best programming language in the world.
But the best has yet to be invented. Christian Tismer

Mark Lawrence