|
|
|
|
Foreword
|
|
|
|
|
========
|
|
|
|
|
|
|
|
|
|
Read this before you get started with Flask. This hopefully answers some
|
|
|
|
|
questions about the purpose and goals of the project, and when you
|
|
|
|
|
should or should not be using it.
|
|
|
|
|
|
|
|
|
|
What does "micro" mean?
|
|
|
|
|
-----------------------
|
|
|
|
|
|
|
|
|
|
To me, the "micro" in microframework refers not only to the simplicity and
|
|
|
|
|
small size of the framework, but also to the typically limited complexity
|
|
|
|
|
and size of applications that are written with the framework. To be
|
|
|
|
|
approachable and concise, a microframework sacrifices a few features that
|
|
|
|
|
may be necessary in larger or more complex applications.
|
|
|
|
|
|
|
|
|
|
For example, Flask uses thread-local objects internally so that you don't
|
|
|
|
|
have to pass objects around from function to function within a request in
|
|
|
|
|
order to stay threadsafe. While this is a really easy approach and saves
|
|
|
|
|
you a lot of time, it also does not scale well to large applications.
|
|
|
|
|
It's especially painful for more complex unittests, and when you suddenly
|
|
|
|
|
have to deal with code being executed outside of the context of a request,
|
|
|
|
|
such as in cron jobs.
|
|
|
|
|
|
|
|
|
|
Flask provides some tools to deal with the downsides of this approach, but
|
|
|
|
|
the core problem remains. Flask is also based on convention over
|
|
|
|
|
configuration, which means that many things are preconfigured and will
|
|
|
|
|
work well for smaller applications but not so well for larger ones. For
|
|
|
|
|
example, by convention, templates and static files are in subdirectories
|
|
|
|
|
within the Python source tree of the application.
|
|
|
|
|
|
|
|
|
|
But don't worry if your application suddenly grows larger
|
|
|
|
|
and you're afraid Flask might not grow with it. Even with
|
|
|
|
|
larger frameworks, you'll eventually discover that you need
|
|
|
|
|
something the framework just cannot do for you without modification.
|
|
|
|
|
If you are ever in that situation, check out the :ref:`becomingbig`
|
|
|
|
|
chapter.
|
|
|
|
|
|
|
|
|
|
A Framework and an Example
|
|
|
|
|
--------------------------
|
|
|
|
|
|
|
|
|
|
Flask is not only a microframework; it is also an example. Based on
|
|
|
|
|
Flask, there will be a series of blog posts that explain how to create a
|
|
|
|
|
framework. Flask itself is just one way to implement a framework on top
|
|
|
|
|
of existing libraries. Unlike many other microframeworks, Flask does not
|
|
|
|
|
try to implement everything on its own; it reuses existing code.
|
|
|
|
|
|
|
|
|
|
Web Development is Dangerous
|
|
|
|
|
----------------------------
|
|
|
|
|
|
|
|
|
|
I'm not joking. Well, maybe a little. If you write a web
|
|
|
|
|
application, you are probably allowing users to register and leave their
|
|
|
|
|
data on your server. The users are entrusting you with data. And even if
|
|
|
|
|
you are the only user that might leave data in your application, you still
|
|
|
|
|
want that data to be stored securely.
|
|
|
|
|
|
|
|
|
|
Unfortunately, there are many ways the security of a web application can be
|
|
|
|
|
compromised. Flask protects you against one of the most common security
|
|
|
|
|
problems of modern web applications: cross-site scripting (XSS). Unless
|
|
|
|
|
you deliberately mark insecure HTML as secure, Flask and the underlying
|
|
|
|
|
Jinja2 template engine have you covered. But there are many more ways to
|
|
|
|
|
cause security problems.
|
|
|
|
|
|
|
|
|
|
The documentation will warn you about aspects of web development that
|
|
|
|
|
require attention to security. Some of these security concerns
|
|
|
|
|
are far more complex than one might think, and we all sometimes underestimate
|
|
|
|
|
the likelihood that a vulnerability will be exploited, until a clever
|
|
|
|
|
attacker figures out a way to exploit our applications. And don't think
|
|
|
|
|
that your application is not important enough to attract an attacker.
|
|
|
|
|
Depending on the kind of attack, chances are that automated bots are
|
|
|
|
|
probing for ways to fill your database with spam, links to malicious
|
|
|
|
|
software, and the like.
|
|
|
|
|
|
|
|
|
|
So always keep security in mind when doing web development.
|
|
|
|
|
|
|
|
|
|
Target Audience
|
|
|
|
|
---------------
|
|
|
|
|
|
|
|
|
|
Is Flask for you? If your application is small-ish and does not depend on
|
|
|
|
|
very complex database structures, Flask is the Framework for you. It was
|
|
|
|
|
designed from the ground up to be easy to use, and built on the firm
|
|
|
|
|
foundation of established principles, good intentions, and mature, widely
|
|
|
|
|
used libraries. Recent versions of Flask scale nicely within reasonable
|
|
|
|
|
bounds, and if you grow larger, you won't have any trouble adjusting Flask
|
|
|
|
|
for your new application size.
|
|
|
|
|
|
|
|
|
|
If you suddenly discover that your application grows larger than
|
|
|
|
|
originally intended, head over to the :ref:`becomingbig` section to see
|
|
|
|
|
some possible solutions for larger applications.
|
|
|
|
|
|
|
|
|
|
Satisfied? Then let's proceed with :ref:`installation`.
|
