Insecure Design

When designing a system, pay particular attention to trust boundaries, where untrusted input enters the application. It often helps to think about sources - where input enters the system - and syncs - places in the code where sensitive operations are performed. Tracing through the code from each source to each sync will help highlight potential vulnerabilities.

Trust Boundaries

   @app.route("/login", methods=["POST"])
def do_login():
  """Attempt to verify the username and password supplied by this user."""
  username = request.form["username"]
  password = request.form["password"]

  user = find_user_with_password(username, password)

  if not user:
    flash("Invalid credentials", "error")
    return redirect("/login")

  # Don"t write untrusted content to the session until is has been verified.
  session["username"] = username

  return redirect("/timeline") 