Newsgroups: comp.lang.python
Subject: Re: To whoever hacked into my Database
From: Tim Delaney
To: Νίκος Αλεξόπουλος
Cc: Python-List
Date: Fri, 8 Nov 2013 09:46:52 +1100
References: <527a5f79$1@news.synserver.de>

On 8 November 2013 09:45, Tim Delaney wrote:

> On 8 November 2013 09:18, Νίκος Αλεξόπουλος wrote:
>
>> I feel a bit proud because as it seems I have managed to secure it more
>> tight. All I needed to do was to validate user input data, so the hacker
>> won't be able again to pass bogus values to specific variables that my
>> script was using.
>>
>
> So we now have confirmation that Nikos' site is subject to SQL injection
> attacks on anything that he is not specifically validating. And I'm
> absolutely sure that he has identified every location where input needs to
> be validated, and that it is impossible to get past the level of validation
> that he's doing, so the site is completely secure! Just like the last time
> he claimed that (and the time before, and the time before that ...).
>

Not to mention the idiocy of exposing your web server logs to the outside
world ... (no - I didn't go there - I want no chance of getting malware from
his site).

Tim Delaney
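The point Tim is making, that validating "specific variables" only protects the places you remembered to validate, is easiest to see next to the fix that removes the problem class entirely. The following Python is an added example written for this archive page; it is not code from Nikos' site or from anyone in the thread. It assumes a small constructed `visitors` table in an in-memory SQLite database standing in for the script's real data, and contrasts a query that splices the request value into the SQL text with the same query written with a driver placeholder.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table; the real script's schema is unknown."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE visitors (host TEXT, page TEXT, hits INTEGER)")
    conn.executemany(
        "INSERT INTO visitors VALUES (?, ?, ?)",
        [
            ("alice.example", "index.html", 3),
            ("bob.example", "about.html", 1),
            ("o'brien.example", "index.html", 7),  # legitimate value containing a quote
        ],
    )
    return conn


def hits_unsafe(conn, host):
    """The pattern the thread is about: the value becomes part of the SQL text.

    The database cannot tell where the data ends and the query syntax begins,
    so every call site like this needs its own (easily forgotten) validation.
    """
    sql = "SELECT page, hits FROM visitors WHERE host = '%s'" % host
    return conn.execute(sql).fetchall()


def hits_safe(conn, host):
    """Parameterised form: the driver sends the value separately from the SQL.

    Quotes or keywords inside `host` are just characters in a string, so no
    per-variable validation is needed for the query to stay a single lookup.
    """
    sql = "SELECT page, hits FROM visitors WHERE host = ?"
    return conn.execute(sql, (host,)).fetchall()


def breaks_on_apostrophe(conn):
    """True if the string-formatted query fails on ordinary data with a quote.

    This is why "reject anything suspicious" validation is the wrong tool:
    the same check that blocks an attacker also blocks real input.
    """
    try:
        hits_unsafe(conn, "o'brien.example")
    except sqlite3.OperationalError:
        return True
    return False


def row_counts_for(conn, host):
    """Return (unsafe_rows, safe_rows) for one value so the two can be compared."""
    return len(hits_unsafe(conn, host)), len(hits_safe(conn, host))


if __name__ == "__main__":
    db = make_db()
    print("safe lookup:", hits_safe(db, "o'brien.example"))
    print("unsafe breaks on apostrophe:", breaks_on_apostrophe(db))
    # A classic tautology value: the spliced query matches every row,
    # the parameterised query matches none, because no host has that name.
    print("rows (unsafe, safe):", row_counts_for(db, "x' OR '1'='1"))
```

The comparison is the whole argument: with placeholders there is no "location where input needs to be validated" as far as the SQL is concerned, so the question of whether every such location was found does not arise.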