Forum OpenACS Q&A: Response to Stealing Email Addresses -3x

Posted by MaineBob OConnor on
Thanks for your great suggestions... Don, yes, AOLserver is talking to PG locally. Jon, I think that it is an SQL attack and I will add some code checks as suggested by Stan. Don, how does Ben's "Validate Integer" code work? Is it a proc? I was thinking of using:
if { $user_id > 0 && $user_id < 1000001 } {
  # do normal stuff
} else {
  # send to 404 not found page.
}
David, I have extensively modified and expanded /shared/community-member.tcl so I will check that closely.
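The range test quoted in the post above is worth trying against a non-numeric value before relying on it. In Tcl, `expr` only compares numerically when both operands are numbers; if one is not, `<` and `>` fall back to string comparison, so a value such as `1 OR 1=1` is "greater than" `0` (because `1` sorts after `0`) and "less than" `1000001` (because a space sorts before `0`), and the check passes it straight through to the query. The following is an added example, not code from the thread or from OpenACS: it runs the post's check and a strict integer check side by side in plain tclsh. The `build_query` proc is a hypothetical stand-in for the page's real database call, and the sample values are constructed for the demonstration.

```tcl
# Added example (not from the original thread or OpenACS).
# Shows why the range test alone is not a sufficient guard for a value
# that is interpolated into SQL, and the strict check to use instead.

proc range_check_ok {user_id} {
    # The check proposed in the post.  If $user_id is not numeric, Tcl's
    # expr compares as strings, so "1 OR 1=1" > 0 is true ("1" sorts
    # after "0") and "1 OR 1=1" < 1000001 is also true (" " sorts
    # before "0").  The injection payload is accepted.
    expr {$user_id > 0 && $user_id < 1000001}
}

proc integer_check_ok {user_id} {
    # Require digits only, then apply the same range.  The regexp
    # guarantees the comparison below is numeric, not lexical.
    expr {[regexp {^[0-9]+$} $user_id] && $user_id > 0 && $user_id < 1000001}
}

proc build_query {user_id} {
    # Hypothetical stand-in for the page's SQL.  Only a validated id is
    # ever interpolated; anything else raises and the caller can return
    # the 404 (in AOLserver that is ns_returnnotfound, not called here so
    # the script runs in plain tclsh).
    if {![integer_check_ok $user_id]} {
        error "invalid user_id: $user_id"
    }
    return "select email from users where user_id = $user_id"
}

# Constructed sample inputs: a valid id, an injection payload, an empty
# string, the range boundaries, and a second payload the range test
# happens to reject only because "4" sorts after "1".
foreach candidate {42 "1 OR 1=1" "" 0 1000001 "42;drop table users"} {
    set r [range_check_ok $candidate]
    set i [integer_check_ok $candidate]
    if {[catch {build_query $candidate} q]} {
        set q "rejected: $q"
    }
    puts [format "%-22s range=%d strict=%d -> %s" "'$candidate'" $r $i $q]
}
```

Running this in tclsh shows `range=1 strict=0` for `'1 OR 1=1'`: the post's range check accepts it and the digits-only check rejects it. The regexp is the part that does the work; the range test is only meaningful once the value is known to be an integer.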