change the web address??
"The main concern raised by the security flaw was that it may have been possible for miscreants to develop a script to go through the site and harvest property details. Intrusion prevention or other security technologies might have been tripped by such behaviour."
I really doubt that. If they've not noticed you can change the URL to another users id and see their records , I'm pretty certain they havent implemented a "oh no , all are members have the same IP" alarm.
You have to at least build a lock before you can lock it!
This is like assuming your users will only access parts of the network that they have a mapping to.