[quote=@LegendBegins]
<Snipped quote by Mahz>

That is a part of it. Does the Guild prevent image-code injection, SQL Injection, flood protection, etc?
[/quote]

- Avatar uploads are uploaded to and served from Amazon's servers. And first I check the binary blob to ensure it's an image.
- SQL queries are all parameterized.
- Not much in the way of flood protection yet, but that's not a security issue.

Fortunately the guild's only sensitive data are private convos and email addresses, which narrows the surface area for me to watch.