Insecure Design

Failing Securely
@app.route('/connect/<client_id>')
def connect(client_id):
  """Open a connection to the given client and record it in the session.

  Fails securely: a ConnectionFailure is logged on the server and the
  caller receives only a generic message with HTTP status 400, so the
  exception text is never echoed back in the response.

  Args:
    client_id: Client identifier taken from the URL path.

  Returns:
    A success message dict, or a (message dict, 400) tuple on failure.
  """
  # NOTE(review): client_id comes straight from the URL and is handed to
  # pool.connect as-is; no authorisation check is visible in this handler.
  # Confirm it is enforced elsewhere.
  try:
    conn = pool.connect(client_id)
    # The session is only updated once the connect call has returned.
    session['connection_id'] = conn.id
  except ConnectionFailure as err:
    # Keep the detail in the server log; the response body stays generic.
    # Only ConnectionFailure is handled here. Any other exception
    # propagates to whatever error handling the application has configured.
    log.error(err)
    # NOTE(review): this path leaves any existing session['connection_id']
    # untouched. Confirm a value from an earlier request cannot be reused.
    return {'message': 'Unable to connect'}, 400
  else:
    return {'message': 'Connection established'}