On 1/10/2013 1:43 AM, Chris Angelico wrote:
On Tue, Oct 1, 2013 at 8:30 AM, Νίκος <nikos.gr...@gmail.com> wrote:
On 1/10/2013 1:28 AM, Mark Lawrence wrote:

On 30/09/2013 23:19, Νίκος wrote:


2 dickheads named Joe & Mark work together to achieve total bullshit!
Well done Beavis & Butthead!
rofl...


Well aside from the fact that you've maintained your record by being
inaccurate with 50% of the names that you've quoted, it appears that
we've something that has very much in common with your website.  Which
reminds me, is it still possible to access your users' names and
passwords in plain text or is that something that you've actually
bothered to fix?


Nope, it isn't. I have fixed it.

And this doesn't bother you???!?

Nikos, industry best practice is to make sure people can't steal all
your users' passwords *even if they get access to your hard drive*.
Passwords should be stored like this:

"92e25cf5beefd4982cedd2f28b430e0e9d23e0966ee3f20c74f825ebeeee9842"

That's the password "qwer", on an account named "asdf", on a mythical
system. Even knowing that, you can't work out what another password
means. Storing people's passwords in plain text is a HORRIBLE HORRIBLE
idea - and having them accessible to the world is a sign of a complete
and utter lack of any semblance of security.

I understand that bugs happen. But bugs of this criticality should be
your very highest priority... unless you're not actually in business
here, and you're just scamming a bunch of people by pretending you run
a legit enterprise.

ChrisA

I don't have the security awareness you have, but I am learning in the process.

What made you think I store people's passwords in plain text?

All the user account passwords I set, I do it via cPanel or via WHM.

How those services store the password on the Linux server, it's up to them.
--
https://mail.python.org/mailman/listinfo/python-list
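
The storage approach Chris describes above, as an added example that is not part of the original thread: each account gets its own random salt and only a slow, salted hash is stored, so the same password on two accounts yields unrelated records. The thread does not say how the quoted hash was computed, so this does not reproduce it; PBKDF2-HMAC-SHA256, the iteration count, the record format and the function names are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed work factor; tune it for your own hardware
SALT_BYTES = 16


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a storable record: scheme$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def verify_password(password, record):
    """Check a login attempt against a stored record; malformed records fail."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False                           # e.g. a legacy plain-text row
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, iterations)
    return hmac.compare_digest(candidate, expected)   # constant-time compare


def demo():
    """Constructed sample: two accounts that happen to share one password."""
    return {"asdf": hash_password("qwer"), "zxcv": hash_password("qwer")}


if __name__ == "__main__":
    for user, record in demo().items():
        print(user, record)
```

Only the record string goes into the database; the plain-text password is never written anywhere.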
