To whoever hacked into my Database

MRAB python at mrabarnett.plus.com
Thu Nov 7 19:28:24 CET 2013


On 07/11/2013 18:11, Mark Lawrence wrote:
> On 07/11/2013 17:42, Νίκος Αλεξόπουλος wrote:
>> On 7/11/2013 6:34 pm, Mark Lawrence wrote:
>>> On 07/11/2013 13:47, Νίκος Αλεξόπουλος wrote:
>>>> On 7/11/2013 11:31 am, Ferrous Cranus wrote:
>>>>> On Thursday, 7 November 2013 11:15:02 a.m. UTC+2, user Steve
>>>>> Simmons wrote:
>>>>>
>>>>>> Please tell me you aren't storing details of customers and payments
>>>>>> on your Web server.
>>>>>
>>>>>
>>>>> Oh but I do!
>>>>> I need this information to be accessible ONLY FOR ME via my website
>>>>> 'http://superhost.gr'. I just need to secure it more tightly.
>>>>>
>>>>
>>>> I think I have made it.
>>>>
>>>> The hacker didn't manage to mess again with either of my counters or
>>>> clients databases.
>>>>
>>>> Too bad! I thought 'she' was better than that!
>>>
>>> She's just biding her time so as to cause you maximum pain!!!
>>>
>>
>>
>> Bring it on baby!
>>
>> I like this challenge because it makes me improve on overall Python
>> script security (most of it being securing user input data before
>> actually performing database queries).
>
> Yeah right.  You can't build a house until you've got the foundations
> right, so how can you improve on something when you know absolutely
> nothing about it in the first place?
>
[snip]
A better analogy would be that of inviting people to break into your
house so that you can better learn how to prevent people from breaking
into your house. The wise course would've been to fit and use locks,
and not to hand the keys to strangers...



