科技回声

From: http://techcrunch.com/2010/09/12/youtube-live-streaming/<p>The widget embedded is rendering this on the page:<p>Traceback (most recent call last):<p><pre><code> File "/base/python_runtime/python_lib/versions/1/google/appengine/ext/webapp/__init__.py", line 511, in __call__ handler.get(*groups) File "/base/data/home/apps/yt-live/1.344714172147360500/event.py", line 69, in get evs = get_rows() File "/base/data/home/apps/yt-live/1.344714172147360500/event.py", line 9, in get_rows client = gdata.spreadsheet.text_db.DatabaseClient('kieran@bynd.com', 'projectmetal') File "/base/data/home/apps/yt-live/1.344714172147360500/gdata/spreadsheet/text_db.py", line 106, in __init__ self.SetCredentials(username, password) File "/base/data/home/apps/yt-live/1.344714172147360500/gdata/spreadsheet/text_db.py", line 127, in SetCredentials raise CaptchaRequired('Please visit https://www.google.com/accounts/'</code></pre> CaptchaRequired: Please visit https://www.google.com/accounts/DisplayUnlockCaptcha to unlock your account.

12 条评论

davidw超过 14 年前

One guy's password getting out, in the grand scheme of things, is perhaps not an "epic failure". I mean, it's a screwup all right, but perhaps some perspective is in order...

评论 #1686156 未加载

评论 #1686159 未加载

viraptor超过 14 年前

Slightly off-topic, but I wonder what is their versioning strategy. 1.344714172147360500 is pretty bizarre. Does anyone know how / why it's used?

评论 #1686153 未加载

评论 #1686082 未加载

评论 #1686293 未加载

oscardelben超过 14 年前

That's why you should never expose tracebacks in a production environment. But plain text? Really?

hellweaver666超过 14 年前

This reminds me of the time php.net went funny and started outputting all their PHP as text/html - they kept their DB credentials in a file included from their public_html directory and we were able to read the host details and username and password for their CMS.<p>Never ceases to amaze me that even big sites make little mistakes like that!

评论 #1686384 未加载

评论 #1709426 未加载

aw3c2超过 14 年前

That is one embarassingly trivial password

评论 #1686699 未加载

pilif超过 14 年前

Doesn't google docs support OAuth? That password should never have been in the code to begin with.

Thasc超过 14 年前

... has anyone told Kieran?

评论 #1688865 未加载

Garbage超过 14 年前

Have you reported this?

评论 #1685755 未加载

simplegeek超过 14 年前

Just out of curiosity what Python web framework YouTube uses?

riffic超过 14 年前

I hope kieran changes that password if he uses it elsewhere.

a904guy超过 14 年前

The widget has since been removed.

a904guy超过 14 年前

Widget is back. (Working)

12 条评论

davidw超过 14 年前

One guy's password getting out, in the grand scheme of things, is perhaps not an "epic failure". I mean, it's a screwup all right, but perhaps some perspective is in order...

评论 #1686156 未加载

评论 #1686159 未加载

viraptor超过 14 年前

Slightly off-topic, but I wonder what is their versioning strategy. 1.344714172147360500 is pretty bizarre. Does anyone know how / why it's used?

评论 #1686153 未加载

评论 #1686082 未加载

评论 #1686293 未加载

oscardelben超过 14 年前

That's why you should never expose tracebacks in a production environment. But plain text? Really?

hellweaver666超过 14 年前

评论 #1686384 未加载

评论 #1709426 未加载

aw3c2超过 14 年前

That is one embarassingly trivial password

评论 #1686699 未加载

pilif超过 14 年前

Doesn't google docs support OAuth? That password should never have been in the code to begin with.

Thasc超过 14 年前

... has anyone told Kieran?

评论 #1688865 未加载

Garbage超过 14 年前

Have you reported this?

评论 #1685755 未加载

simplegeek超过 14 年前

Just out of curiosity what Python web framework YouTube uses?

riffic超过 14 年前

I hope kieran changes that password if he uses it elsewhere.

a904guy超过 14 年前

The widget has since been removed.

a904guy超过 14 年前

Widget is back. (Working)

Youtube Live Epic Failure (Plaintext DB Password Exposed)

12 条评论

Youtube Live Epic Failure (Plaintext DB Password Exposed)

12 条评论