To whoever hacked into my Database

Alister alister.ware at ntlworld.com
Sun Nov 10 07:42:52 EST 2013


On Sun, 10 Nov 2013 01:44:17 +0000, ishish wrote:

> On 09.11.2013 15:07, Steven D'Aprano wrote:
> ...
>> Nikos, you have annoyed and alienated enough people here...
> 
> Sorry, I DO NOT AGREE! These threads keep my entire office entertained.
> I would even go so far as to suggest that we should set up an entirely new
> mailing list for Nikos only, maybe something called like
> acropolis-list(at)python.org.
> 
> Mea culpa, I am entirely aware that this is an IT list, but hey, when
> you have done 2x65ish hrs per week in a row - standing in for our Ops
> Guy, holidaying - you really start appreciating little interruptions
> like this...
> 
> Greekings ...oops, meant greetings from Tartan-Land,
> 
> Sas&Co

I too am learning plenty from watching Nicos' tales of woe, thank you 
Nicos.

To repay the favour, one instant lesson I can see that you need to apply 
is how you are using the page variable to select pages.

Do not use the value provided as the direct source of the page name; 
instead use it as a key to look up the page in a white-list. Now where do I 
store that white list? I know, how about another database table.
I know you don't seem to like using more than one table, Nicos, but that is 
daft. They are not rationed & cost nothing.

Also, when you fail to find a page in the white-list, return nothing; there 
is no point in giving potential hackers any more clues than necessary.

I also suggest you check your firewall; you seem to have far more ports 
open to the public internet than should ever be necessary. To follow on 
from one of the other security analogies posted here, you would not put 
the door to your house safe on the outside wall even if you think it has 
a stronger lock than your front door.





-- 
He who despises himself nevertheless esteems himself as a self-despiser.
		-- Friedrich Nietzsche
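
The white-list lookup described in the message above, as an added example that is not part of the original post or anyone's actual site code: the request's page value is used only as a key into a second table, and a miss produces an empty response. The table name `pages`, its columns, the sample keys and filenames, the 64-character limit and the 404 status are all assumptions made for illustration.

```python
import sqlite3

# Constructed sample data: page keys and filenames are hypothetical.
SAMPLE_PAGES = [
    ("index", "index.html"),
    ("about", "about.html"),
    ("files", "files.html"),
]

def make_whitelist(rows=SAMPLE_PAGES):
    """Create the white-list table (in memory here; a second table in the site's database in practice)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (page_key TEXT PRIMARY KEY, filename TEXT NOT NULL)")
    db.executemany("INSERT INTO pages VALUES (?, ?)", rows)
    db.commit()
    return db

def resolve_page(db, requested):
    """Return the server-chosen filename for a requested key, or None.

    The request value is only compared against stored keys through a bound
    parameter; it is never concatenated into SQL or into a file path.
    """
    if not isinstance(requested, str) or len(requested) > 64:
        return None
    row = db.execute(
        "SELECT filename FROM pages WHERE page_key = ?", (requested,)
    ).fetchone()
    return row[0] if row else None

def respond(db, requested):
    """Build (status, body). A miss gets an empty body: no echo of the input, no path, no traceback."""
    filename = resolve_page(db, requested)
    if filename is None:
        return 404, ""
    return 200, "serving " + filename  # stand-in for reading and rendering the file

if __name__ == "__main__":
    db = make_whitelist()
    # Constructed request values: one valid key, then values that are not keys.
    for value in ("about", "../../etc/passwd", "about.html", "x' OR '1'='1", None):
        print(repr(value), "->", respond(db, value))
```

Because the filename comes from the table rather than from the request, a value that is not an exact key can never select a file, whatever characters it contains.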


