On Tue, Oct 1, 2013 at 8:30 AM, Νίκος <nikos.gr...@gmail.com> wrote:
> On 1/10/2013 1:28 AM, Mark Lawrence wrote:
>>
>> On 30/09/2013 23:19, Νίκος wrote:
>>>
>>> 2 dickheads named Joe & Mark work together to achieve total bullshit!
>>> Well done Beavis & Butthead!
>>> rofl...
>>>
>>
>> Well aside from the fact that you've maintained your record by being
>> inaccurate with 50% of the names that you've quoted, it appears that
>> we've something that has very much in common with your website. Which
>> reminds me, is it still possible to access your users' names and
>> passwords in plain text or is that something that you've actually
>> bothered to fix?
>
> Nope, it isn't. I have fixed it.

And this doesn't bother you???!?

Nikos, industry best practice is to make sure people can't steal all
your users' passwords *even if they get access to your hard drive*.
Passwords should be stored like this:

"92e25cf5beefd4982cedd2f28b430e0e9d23e0966ee3f20c74f825ebeeee9842"

That's the password "qwer", on an account named "asdf", on a mythical
system. Even knowing that, you can't work out what another password
means.

Storing people's passwords in plain text is a HORRIBLE HORRIBLE idea -
and having them accessible to the world is a sign of a complete and
utter lack of any semblance of security. I understand that bugs
happen. But bugs of this criticality should be your very highest
priority... unless you're not actually in business here, and you're
just scamming a bunch of people by pretending you run a legit
enterprise.

ChrisA
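
An added example, not part of ChrisA's message: one way to store a password as a salted, deliberately slow hash, so that a stolen record does not reveal the password and two accounts with the same password get different records. The message does not say how its "mythical system" derives the hash; PBKDF2-HMAC-SHA256 with a random per-account salt, the record format, the iteration count and the function names are assumptions made here.

```python
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"   # assumed scheme, not the one from the message
ITERATIONS = 600_000          # assumed work factor; raise it as hardware improves


def hash_password(password: str) -> str:
    """Return the record to store: algorithm$iterations$salt_hex$hash_hex."""
    salt = secrets.token_bytes(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGORITHM}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: reject rather than crash
    if algorithm != ALGORITHM or rounds < 1 or not expected:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample accounts: two users who picked the same password.
    store = {user: hash_password("qwer") for user in ("asdf", "zxcv")}
    for user, record in store.items():
        print(user, record)
    print("records differ:", store["asdf"] != store["zxcv"])
    print("correct password:", verify_password("qwer", store["asdf"]))
    print("wrong password:", verify_password("qwerty", store["asdf"]))
```

Only the record string is written to the database; the plain-text password is never stored or logged.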