Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!goblin1!goblin.stu.neva.ru!uio.no!news.tele.dk!news.tele.dk!small.news.tele.dk!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <timothy.c.delaney@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.189
X-Spam-Level: *
X-Spam-Evidence: '*H*': 0.63; '*S*': 0.01; "'utf8',": 0.16; 'charset': 0.16; 'password,': 0.16; 'posted.': 0.16; 'wrote:': 0.18; 'email addr:gmail.com&gt;': 0.22; 'of.': 0.24; 'password.': 0.24; 'login': 0.25; 'pass': 0.26; 'somewhere': 0.26; 'header:In-Reply- To:1': 0.27; 'host': 0.29; 'possibility': 0.29; 'tim': 0.29; 'message-id:@mail.gmail.com': 0.30; 'code': 0.31; 'to:name:python- list': 0.33; 'could': 0.34; 'display': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'there': 0.35; 'being': 0.38; 'to:addr:python-list': 0.38; 'to:addr:python.org': 0.39; 'system.': 0.39; 'course': 0.61; "you're": 0.61; 'personal': 0.63; 'chance': 0.65; 'account': 0.65; 'kept': 0.65; 'details': 0.65; 'locked': 0.84; 'unaware': 0.84; '2013': 0.98
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=JGe4qFfKoYl5BJZaxvGJTDn1pPDP1EDpld02BNsthWs=; b=Eyq5t8bqcInDKQIhl3bAV5Bxf9+3YsTjF+RU5jAZQQUeiMbCFbYQyBDMtdwUp11HHA c+hgvTdD2Tk7XJZdUwPpnU2DsPdpZdk0XFscGcEPAwtk+jhpIwf9sUjx7+2Mr0vGW/V5 ZLo7s/g2b76sLcqjCmG7e2PW1VTC9BIDiq3zKPiYuGBjz+obthrjRx6R5d53Sb1xodTw tvSqxrWcr4up3XzbWYUoroL+9VMlvaXaXggmF6ZDjn/49RLsRZ0SmB8nT88h9TWMOlAj x5JlDXcFbUqQSZCrR/Nbc3p3rPvkxy1vLo2juPjItJw0It1Rcr8dbYyOxcpiivJqwEJQ lShA==
MIME-Version: 1.0
X-Received: by 10.66.25.70 with SMTP id a6mr47528pag.68.1380671310932; Tue, 01 Oct 2013 16:48:30 -0700 (PDT)
In-Reply-To: <l2flr8$vps$1@dont-email.me>
References: <l2e6cp$vs9$1@dont-email.me> <mailman.579.1380668964.18130.python-list@python.org> <l2flr8$vps$1@dont-email.me>
Date: Wed, 2 Oct 2013 09:48:30 +1000
Subject: Re: JUST GOT HACKED
From: Tim Delaney <timothy.c.delaney@gmail.com>
To: Python-List <python-list@python.org>
Content-Type: multipart/alternative; boundary=bcaec52992830a313a04e7b697f5
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.581.1380671320.18130.python-list@python.org>
Lines: 62
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1380671320 news.xs4all.nl 15920 [2001:888:2000:d::a6]:60221
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:55259

--bcaec52992830a313a04e7b697f5
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 2 October 2013 09:28, =CE=9D=CE=AF=CE=BA=CE=BF=CF=82 <nikos.gr33k@gmail.=
com> wrote:

>
> con =3D pymysql.connect( db =3D 'mypass', user =3D 'myuser', passwd =3D
> 'mysqlpass', charset =3D 'utf8', host =3D 'localhost' )
>
> That was viewable by the link Mark have posted.
>
> But this wasnt my personal's account's login password, that was just the
> mysql password.
>
> Mysql pass !=3D account's password


Because there's no chance with the brilliance you display that there could
be any possibility of login details being kept in plaintext in your
database.

And of course your database is so well locked down that no attacker with a
login to it could then execute arbitrary code on your system.

And there's also zero chance that your personal account login details are
also available in plaintext somewhere that you're unaware of.

Tim Delaney

--bcaec52992830a313a04e7b697f5
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">On 2 October 2013 09:28, =CE=9D=CE=AF=CE=BA=CE=BF=CF=82 <s=
pan dir=3D"ltr">&lt;<a href=3D"mailto:nikos.gr33k@gmail.com" target=3D"_bla=
nk">nikos.gr33k@gmail.com</a>&gt;</span> wrote:<br><div class=3D"gmail_extr=
a"><div class=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=3D"ma=
rgin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
con =3D pymysql.connect( db =3D &#39;mypass&#39;, user =3D &#39;myuser&#39;=
, passwd =3D &#39;mysqlpass&#39;, charset =3D &#39;utf8&#39;, host =3D &#39=
;localhost&#39; )<br>
<br>
That was viewable by the link Mark have posted.<br>
<br>
But this wasnt my personal&#39;s account&#39;s login password, that was jus=
t the mysql password.<br>
<br>
Mysql pass !=3D account&#39;s password</blockquote><div><br></div><div>Beca=
use there&#39;s no chance with the brilliance you display that there could =
be any possibility of login details being kept in plaintext in your databas=
e.</div>
<div><br></div><div>And of course your database is so well locked down that=
 no attacker with a login to it could then execute arbitrary code on your s=
ystem.</div><div><br></div><div>And there&#39;s also zero chance that your =
personal account login details are also available in plaintext somewhere th=
at you&#39;re unaware of.</div>
<div><br></div><div>Tim Delaney=C2=A0<br></div></div></div></div>

--bcaec52992830a313a04e7b697f5--