Path: csiph.com!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!news.etla.org!news.stack.nl!newsfeed.xs4all.nl!newsfeed2.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.013 X-Spam-Evidence: '*H*': 0.97; '*S*': 0.00; 'charset:iso-8859-7': 0.04; 'skip:" 60': 0.07; "subject:' ": 0.07; 'happen.': 0.09; 'lawrence': 0.09; "people's": 0.09; 'security.': 0.09; 'subject:position': 0.09; 'stored': 0.12; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'inaccurate': 0.16; 'means.': 0.16; 'mythical': 0.16; 'nope,': 0.16; 'storing': 0.16; 'subject: \n ': 0.16; 'subject:start': 0.16; 'wrote:': 0.18; '>>>': 0.22; 'appears': 0.22; 'this:': 0.26; 'header:In-Reply- To:1': 0.27; 'record': 0.27; 'idea': 0.28; 'fixed': 0.29; 'am,': 0.29; "doesn't": 0.30; 'joe': 0.30; 'message-id:@mail.gmail.com': 0.30; '8:30': 0.31; 'bunch': 0.31; 'run': 0.32; 'another': 0.32; 'text': 0.33; 'bugs': 0.33; 'plain': 0.33; "can't": 0.35; 'common': 0.35; 'something': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'accessible': 0.36; 'maintained': 0.36; 'passwords': 0.36; 'done': 0.36; 'possible': 0.36; 'should': 0.36; 'being': 0.38; 'to:addr:python-list': 0.38; 'fact': 0.38; 'that,': 0.38; 'aside': 0.39; 'highest': 0.39; 'subject:can': 0.39; 'sure': 0.39; 'to:addr:python.org': 0.39; 'system.': 0.39; 'even': 0.60; "you're": 0.61; 'complete': 0.62; "you've": 0.63; 'total': 0.65; 'account': 0.65; 'world': 0.66; 'bothered': 0.68; 'business': 0.70; 'industry': 0.73; '50%': 0.78; 'lack': 0.78; 'horrible': 0.84; '2013': 0.98 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=Jrw0UfB58kGa4A8mxb6q0XoIHB0590BIJro+h+b8/38=; b=VROjUtk9d5BbLgS4pczT27tMRQ1Sj5IQGSn01/eFqN9NpPbW41ic2fEWhglPP3Cg5C 7E439ZQkBBFwVnFUxYVkv/7TTlHF67REJhVeIsuUBMJM3OnUdzg2CkB5VKRdBnQiE6R7 v8T2+p66HqngKCRp0tcp3LMcaj4aC+L7p36KTIqM5Vk5Mo9JAXxEJWEazAOT4dBErkRu xrkm9Pjmf/bQmTxNYG+lXfo+mJdZIgYDemW1qEkmuuKJAB5bdxP7zfSb+MA7RzL0vAAg +xR+dLUu9OM/S80IoDdj+UfxYbRMyrUTDjKm5ocqZDFbpRaH5HGcwMb9oP/euoykgTrN 6NRg== MIME-Version: 1.0 X-Received: by 10.220.237.208 with SMTP id kp16mr18694762vcb.4.1380580988429; Mon, 30 Sep 2013 15:43:08 -0700 (PDT) In-Reply-To: References: <5247f6bb$0$29988$c3e8da3$5496439d@news.astraweb.com> Date: Tue, 1 Oct 2013 08:43:08 +1000 Subject: Re: UnicodeDecodeError: 'utf-8' codec can't decode byte 0xb6 in position 0: invalid start byte From: Chris Angelico To: python-list@python.org Content-Type: text/plain; charset=ISO-8859-7 Content-Transfer-Encoding: quoted-printable X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 43 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1380580997 news.xs4all.nl 15984 [2001:888:2000:d::a6]:38357 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:55137 On Tue, Oct 1, 2013 at 8:30 AM, =CD=DF=EA=EF=F2 wro= te: > =D3=F4=E9=F2 1/10/2013 1:28 =F0=EC, =EF/=E7 Mark Lawrence =DD=E3=F1=E1=F8= =E5: >> >> On 30/09/2013 23:19, =CD=DF=EA=EF=F2 wrote: >>> >>> >>> 2 dickheads names Joe & Mark work together to achieve total bullshit! >>> Well done Beavis & Butthead! >>> rofl... >>> >> >> Well aside from the fact that you've maintained your record by being >> inaccurate with 50% of the names that you've quoted, it appears that >> we've something that has very much in common with your website. Which >> reminds me, is it still possible to access your users' names and >> passwords in plain text or is that something that you've actually >> bothered to fix? > > > Nope, it isn't. I have fixed it. And this doesn't bother you???!? Nikos, industry best practice is to make sure people can't steal all your users' passwords *even if they get access to your hard drive*. Passwords should be stored like this: "92e25cf5beefd4982cedd2f28b430e0e9d23e0966ee3f20c74f825ebeeee9842" That's the password "qwer", on an account named "asdf", on a mythical system. Even knowing that, you can't work out what another password means. Storing people's passwords in plain text is a HORRIBLE HORRIBLE idea - and having them accessible to the world is a sign of a complete and utter lack of any semblance of security. I understand that bugs happen. But bugs of this criticality should be your very highest priority... unless you're not actually in business here, and you're just scamming a bunch of people by pretending you run a legit enterprise. ChrisA