Insecure Design

Smart Use of Encryption
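@app.route('/signup', methods=('POST',))
def do_signup():
  """Handle the sign-up form: hash the submitted password and store it.

  Reads ``username`` and ``password`` from the POSTed form, passes the
  username and the bcrypt hash (never the plaintext password) to
  ``save_credentials``, then redirects the client to ``/login``.
  """
  username = request.form['username']
  password = request.form['password']

  # Form values are text, but bcrypt.hashpw() works on bytes and rejects
  # str input, so encode explicitly before hashing.
  # NOTE(review): bcrypt only takes the first 72 bytes of its input into
  # account; depending on the library version, longer passwords are either
  # truncated or rejected. Enforce a maximum length during input validation
  # so the behaviour is explicit.
  password_bytes = password.encode('utf-8')

  # The user is signing up - calculate their password hash and save it to
  # the database. gensalt() returns a fresh random salt on every call, and
  # bcrypt embeds that salt in the hash it returns, so only the hash needs
  # to be stored.
  hashed = bcrypt.hashpw(password_bytes, bcrypt.gensalt())

  save_credentials(username, hashed)

  return redirect('/login')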