From 98de3be5fe46f2f983d9c4c813663d552737cd9b Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 31 Oct 2022 20:20:04 +0000 Subject: [PATCH] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- docs/tutorial/views.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/tutorial/views.rst b/docs/tutorial/views.rst index f490eb84..e8cdfd40 100644 --- a/docs/tutorial/views.rst +++ b/docs/tutorial/views.rst @@ -213,12 +213,12 @@ There are a few differences from the ``register`` view: session. The data is stored in a *cookie* that is sent to the browser, and the browser then sends it back with subsequent requests. Flask securely *signs* the data so that it can't be tampered with. - -In this tutorial - for debugging purposes - the error messages are explicit -about the origin of the corresponding failure: a user already exists, the password + +In this tutorial - for debugging purposes - the error messages are explicit +about the origin of the corresponding failure: a user already exists, the password is incorrect or the username does not exist. In a real world application, it is discouraged to do so, as this information might be helpful to potential attackers. To learn more about -secure handling of error messages, see the +secure handling of error messages, see the [OWASP recommendations](https://owasp.org/www-project-proactive-controls/v3/en/c10-errors-exceptions). Now that the user's ``id`` is stored in the :data:`session`, it will be
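Review bot: the last changed line of the @@ -213,12 hunk leads into a Markdown-style link, [OWASP recommendations](https://owasp.org/www-project-proactive-controls/v3/en/c10-errors-exceptions), but docs/tutorial/views.rst is reStructuredText, so the brackets and parentheses will not be rendered as a hyperlink and will appear as literal text. Since this line is already being touched, convert the reference to the reStructuredText form: `OWASP recommendations <https://owasp.org/www-project-proactive-controls/v3/en/c10-errors-exceptions>`_ . The remaining changes in the hunk only strip trailing whitespace and need no further action. Separately, the paragraph's sentence "it is discouraged to do so" would read more clearly if it said what to do instead, for example returning one generic message for both the unknown-username and wrong-password cases.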