[Solved] Identify the security issue in this Flask route and how to fix it:@app.route('/profile') def profile(): user_id = request.args.... | Flask

Flask - Security Best Practices

Identify the security issue in this Flask route and how to fix it:

@app.route('/profile')
def profile():
    user_id = request.args.get('user_id')
    user = get_user_from_db(user_id)
    return f'Profile page of {user.name}'

AReturn JSON instead of string

BNo issue, code is secure

CUse POST method instead of GET

DMissing user authentication check; add session check before fetching user

Step-by-Step Solution

Solution:

Step 1: Identify missing authentication
The route fetches user data based on a URL parameter without checking if the requester is logged in or authorized.
Step 2: Fix by adding session user check
Adding a check like if not session.get('user'): with abort(401) prevents unauthorized access.
Final Answer:
Missing user authentication check; add session check before fetching user -> Option D
Quick Check:
Check session before data access [OK]

Quick Trick: Always check session before accessing user data [OK]

Common Mistakes:

MISTAKES

Thinking GET vs POST fixes security here
Ignoring authentication checks
Believing JSON return fixes security

Master "Security Best Practices" in Flask

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Perf

More Flask Quizzes

Identify the security issue in this Flask route and how to fix it:

Step 1: Identify missing authentication

Step 2: Fix by adding session user check

Final Answer:

Quick Check:

Want More Practice?