From: Mark Lawrence
Subject: Re: To whoever hacked into my Database
Date: Sun, 10 Nov 2013 15:09:11 +0000
Newsgroups: comp.lang.python

On 10/11/2013 15:01, Νίκος Αλεξόπουλος wrote:
> On 10/11/2013 3:49 PM, Antoon Pardon wrote:
>> On 10-11-13 11:32, Νίκος Αλεξόπουλος wrote:
>>> On 10/11/2013 12:20 AM, Chris Angelico wrote:
>>
>>>> There are two major problems with
>>>> what you did here, Nikos, and they are:
>>>>
>>>> 1) Starting with a hopelessly insecure system and then trying to
>>>> band-aid patch it one vulnerability at a time, which is folly; and
>>>>
>>>> 2) Boasting that your system was now secure.
>>>>
>>>> The main issue is the boasting, which is utterly unwarranted
>>>> arrogance.
>> ,,,
>>
>>> Ha, ha ha!
>>> I'm safe now!!
>>>
>>> No breaks in this time!
>>
>> You just can't help yourself, can you? I predict your database will
>> be broken in, within a week, after which you will plug one leak
>> and after another day boast again about how secure your system is,
>> because you hadn't had a break in after your latest "fix".
>>
>
>
> It won't break again. 'page' variable cannot be manipulated by arbitrary
> URL strings any more.
>
> This time it is fixed for good.
>
> Your predictions are wrong.
>

I'm not a gambling man, but I'd put my house on the fact that your site
is so insecure that even the little fingers of my team can get in.

--
Python is the second best programming language in the world.
But the best has yet to be invented.  Christian Tismer

Mark Lawrence