To whoever hacked into my Database
timothy.c.delaney at gmail.com
Thu Nov 7 23:46:52 CET 2013
On 8 November 2013 09:45, Tim Delaney <timothy.c.delaney at gmail.com> wrote:
> On 8 November 2013 09:18, Νίκος Αλεξόπουλος <nikos.gr33k at gmail.com> wrote:
>> I feel a bit proud because as it seems i have manages to secure it more
>> tight. All i need to do was to validate user input data, so the hacker
>> won't be able again to pass bogus values to specific variables that my
>> script was using.
> So we now have confirmation that Nikos' site is subject to SQL injection
> attacks on anything that he is not specifically validating. And I'm
> absolutely sure that he has identified every location where input needs to
> be validated, and that it is impossible to get past the level of validation
> that he's doing, so the site is completely secure! Just like the last time
> he claimed that (and the time before, and the time before that ...).
Not to mention the idiocy of exposing your web server logs to the outside
world ... (no - I didn't go there - I want no chance of getting malware
from his site).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-list