I have created separately "PasGenerator.py" and "settings.py" , I am not sure but think is best practice.
However, I have noticed that I can access these endpoints directly
http://127.0.0.1:5000/password_generator
and
http://127.0.0.1:5000/settings
even without login. which is a security breach. well, not really as they cannot access any of the user data but security never the less
I have tried everything and am still not sure
I honestly thought that the decorator @login_required was all needed and that Falsk would do the rest
but I might be missing something important and.or obvious
I have created separately "PasGenerator.py" and "settings.py" , I am not sure but think is best practice. However, I have noticed that I can access these endpoints directly
http://127.0.0.1:5000/password_generator
andhttp://127.0.0.1:5000/settings
even without login. which is a security breach. well, not really as they cannot access any of the user data but security never the less I have tried everything and am still not sure
I honestly thought that the decorator @login_required was all needed and that Falsk would do the rest but I might be missing something important and.or obvious