Forum OpenACS Q&A: Response to Stealing Email Addresses -3x

Collapse
9: Response to Stealing Email Addresses -3x (response to 1)
Posted by David Walker on 08/13/02 06:08 PM
It can be used to harvest the user database. Sign up for a free account and then tell your program to hit 
/shared/community-member.tcl?user_id=1   
/shared/community-member.tcl?user_id=2   
/shared/community-member.tcl?user_id=3
It does not give the user any information they don't have permission to receive but it will allow retrieving the entire user database including deleted users.