The popular and well-regarded Django framework has been around since 2005. It is compatible with any 2.x Python from 2.4 onward, though 2.7 is recommended. The Django engineers are particularly sensitive to compatibility issues, so if a new release of Python adds a feature unavailable to earlier Django versions, engineers on the Django project will either modify code or release a library to make support in older Python versions transparent.
Django ships with all the pieces you need to build a Web application, requiring minimal installation of separate components. The framework includes an ORM (object-relational mapping layer), a template library, a forms library, a URL dispatch mechanism, an administration interface, and other support libraries and useful applications. When you install Django, all that's missing is an external RDBMS, and configuring a connection to a database is simple.
The framework has out-of-the-box protection for most common Web attacks; XSS (cross-site scripting), CSRF (cross-site request forgery), and SQL injection top the list. In fact, Django's "by default" security features were given a tip of the hat by the Rails community when it introduced XSS protection in Ruby on Rails 3.
Django also provides a session management system, which persists server-side session information and abstracts away the passing of cookies that session support relies on. It also installs an authentication library that supports the concepts of users and groups. Users can be assigned specific permissions (or given superuser status), and the library provides functions for handling login/logout. To top it off, the administration utility (described below) that builds an application's database also creates the tables needed to support user authentication.