Pillars of Python: Django Web framework
Django combines excellent backward compatibility, good admin tools, and a focus on developer ease
By Rick Grehan
Contributing Editor, InfoWorld |
The popular and well-regarded Django framework has been around since 2005. It is compatible with any 2.x Python from 2.4 onward, though 2.7 is recommended. The Django engineers are particularly sensitive to compatibility issues, so if a new release of Python adds a feature unavailable to earlier Django versions, engineers on the Django project will either modify code or release a library to make support in older Python versions transparent.
Django ships with all the pieces you need to build a Web application, requiring minimal installation of separate components. The framework includes an ORM (object-relational mapping layer), a template library, a forms library, an URL dispatch mechanism, an administration interface, and other support libraries and useful applications. When you install Django, all that's missing is an external RDBMS, and configuring a connection to a database is simple.
The framework has out-of-the-box protection for most common Web attacks; XSS (cross-site scripting), CSRF (cross-site request forgeries), and SQL injection top the list. In fact, Django's "by default" security features were given a tip of the hat by the Rails community when it introduced XSS protection in Ruby on Rails 3.
Django also provides a session management system, which handles the persisting of server-side session information and abstracting the passing of cookies as mechanisms for session support. It also installs an authentication library that supports the concepts of users and groups. Users can be assigned specific permissions (or given super user status), and the library provides functions for handling login/logout. To top it off, the administration utility (described below) that builds an application's database also creates tables needed to support user authentication.
Django's various elements are well integrated and nearly seamless. For example, you needn't worry about converting data procured from the ORM into a format that Django's form library can manipulate; that's handled automatically. Small issues that make coding easier are attended to as well. For example, naming conventions across the different components are standardized, which makes navigating through APIs much easier than it otherwise would be.
| Test Center Scorecard | |||||
|---|---|---|---|---|---|
| 40% | 25% | 25% | 10% | ||
| Django 1.3 | 8 | 8 | 9 | 8 |
8.3 Very Good |