To whoever hacked into my Database
Tim Delaney
timothy.c.delaney at gmail.com
Thu Nov 7 17:46:52 EST 2013
On 8 November 2013 09:45, Tim Delaney <timothy.c.delaney at gmail.com> wrote:
> On 8 November 2013 09:18, Νίκος Αλεξόπουλος <nikos.gr33k at gmail.com> wrote:
>
>> I feel a bit proud because as it seems i have manages to secure it more
>> tight. All i need to do was to validate user input data, so the hacker
>> won't be able again to pass bogus values to specific variables that my
>> script was using.
>>
>
> So we now have confirmation that Nikos' site is subject to SQL injection
> attacks on anything that he is not specifically validating. And I'm
> absolutely sure that he has identified every location where input needs to
> be validated, and that it is impossible to get past the level of validation
> that he's doing, so the site is completely secure! Just like the last time
> he claimed that (and the time before, and the time before that ...).
>
Not to mention the idiocy of exposing your web server logs to the outside
world ... (no - I didn't go there - I want no chance of getting malware
from his site).
Tim Delaney
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20131108/8d4dd6b2/attachment.html>
More information about the Python-list
mailing list