|
|
|
|
Foreword
|
|
|
|
|
========
|
|
|
|
|
|
|
|
|
|
Read this before you get started with Flask. This hopefully answers some
|
|
|
|
|
questions about the purpose and goals of the project, and when you
|
|
|
|
|
should or should not be using it.
|
|
|
|
|
|
|
|
|
|
What does "micro" mean?
|
|
|
|
|
-----------------------
|
|
|
|
|
|
|
|
|
|
To me, the "micro" in microframework refers not only to the simplicity and
|
|
|
|
|
small size of the framework, but also to the typically limited complexity
|
|
|
|
|
and size of applications that are written with the framework. To be
|
|
|
|
|
approachable and concise, a microframework sacrifices a few features that
|
|
|
|
|
may be necessary in larger or more complex applications.
|
|
|
|
|
|
|
|
|
|
For example, Flask uses thread-local objects internally so that you don't
|
|
|
|
|
have to pass objects around from function to function within a request in
|
|
|
|
|
order to stay threadsafe. While this is a really easy approach and saves
|
|
|
|
|
you a lot of time, it might also cause some troubles for very large
|
|
|
|
|
applications because changes on these thread-local objects can happen
|
|
|
|
|
anywhere in the same thread.
|
|
|
|
|
|
|
|
|
|
Flask provides some tools to deal with the downsides of this approach but
|
|
|
|
|
it might be an issue for larger applications. Flask is also based on
|
|
|
|
|
convention over configuration, which means that many things are
|
|
|
|
|
preconfigured and will work well for smaller applications but not so well
|
|
|
|
|
for larger ones. For example, by convention, templates and static files
|
|
|
|
|
are in subdirectories within the Python source tree of the application.
|
|
|
|
|
|
|
|
|
|
However Flask is not much code and built in a very solid foundation and
|
|
|
|
|
with that very easy to adapt for large applications. If you are
|
|
|
|
|
interested in that, check out the :ref:`becomingbig` chapter.
|
|
|
|
|
|
|
|
|
|
A Framework and an Example
|
|
|
|
|
--------------------------
|
|
|
|
|
|
|
|
|
|
Flask is not only a microframework; it is also an example. Based on
|
|
|
|
|
Flask, there will be a series of blog posts that explain how to create a
|
|
|
|
|
framework. Flask itself is just one way to implement a framework on top
|
|
|
|
|
of existing libraries. Unlike many other microframeworks, Flask does not
|
|
|
|
|
try to implement everything on its own; it reuses existing code.
|
|
|
|
|
|
|
|
|
|
Web Development is Dangerous
|
|
|
|
|
----------------------------
|
|
|
|
|
|
|
|
|
|
I'm not joking. Well, maybe a little. If you write a web
|
|
|
|
|
application, you are probably allowing users to register and leave their
|
|
|
|
|
data on your server. The users are entrusting you with data. And even if
|
|
|
|
|
you are the only user that might leave data in your application, you still
|
|
|
|
|
want that data to be stored securely.
|
|
|
|
|
|
|
|
|
|
Unfortunately, there are many ways the security of a web application can be
|
|
|
|
|
compromised. Flask protects you against one of the most common security
|
|
|
|
|
problems of modern web applications: cross-site scripting (XSS). Unless
|
|
|
|
|
you deliberately mark insecure HTML as secure, Flask and the underlying
|
|
|
|
|
Jinja2 template engine have you covered. But there are many more ways to
|
|
|
|
|
cause security problems.
|
|
|
|
|
|
|
|
|
|
The documentation will warn you about aspects of web development that
|
|
|
|
|
require attention to security. Some of these security concerns
|
|
|
|
|
are far more complex than one might think, and we all sometimes underestimate
|
|
|
|
|
the likelihood that a vulnerability will be exploited, until a clever
|
|
|
|
|
attacker figures out a way to exploit our applications. And don't think
|
|
|
|
|
that your application is not important enough to attract an attacker.
|
|
|
|
|
Depending on the kind of attack, chances are that automated bots are
|
|
|
|
|
probing for ways to fill your database with spam, links to malicious
|
|
|
|
|
software, and the like.
|
|
|
|
|
|
|
|
|
|
So always keep security in mind when doing web development.
|
|
|
|
|
|
|
|
|
|
Target Audience
|
|
|
|
|
---------------
|
|
|
|
|
|
|
|
|
|
Is Flask for you? If your application is small-ish and does not depend on
|
|
|
|
|
very complex database structures, Flask is the Framework for you. It was
|
|
|
|
|
designed from the ground up to be easy to use, and built on the firm
|
|
|
|
|
foundation of established principles, good intentions, and mature, widely
|
|
|
|
|
used libraries. Recent versions of Flask scale nicely within reasonable
|
|
|
|
|
bounds, and if you grow larger, you won't have any trouble adjusting Flask
|
|
|
|
|
for your new application size.
|
|
|
|
|
|
|
|
|
|
If you suddenly discover that your application grows larger than
|
|
|
|
|
originally intended, head over to the :ref:`becomingbig` section to see
|
|
|
|
|
some possible solutions for larger applications.
|
|
|
|
|
|
|
|
|
|
Satisfied? Then let's proceed with :ref:`installation`.
|
