|
|
|
@ -2,90 +2,90 @@ Foreword
|
|
|
|
|
======== |
|
|
|
|
|
|
|
|
|
Read this before you get started with Flask. This hopefully answers some |
|
|
|
|
questions about the intention of the project, what it aims at and when you |
|
|
|
|
questions about the purpose and goals of the project, and when you |
|
|
|
|
should or should not be using it. |
|
|
|
|
|
|
|
|
|
What does Micro Mean? |
|
|
|
|
--------------------- |
|
|
|
|
What does "micro" mean? |
|
|
|
|
----------------------- |
|
|
|
|
|
|
|
|
|
The micro in microframework for me means on the one hand being small in |
|
|
|
|
size and complexity but on the other hand also that the complexity of the |
|
|
|
|
applications that are written with these frameworks do not exceed a |
|
|
|
|
certain size. A microframework like Flask sacrifices a few things in |
|
|
|
|
order to be approachable and to be as concise as possible. |
|
|
|
|
To me, the "micro" in microframework refers not only to the simplicity and |
|
|
|
|
small size of the framework, but also to the typically limited complexity |
|
|
|
|
and size of applications that are written with the framework. To be |
|
|
|
|
approachable and concise, a microframework sacrifices a few features that |
|
|
|
|
may be necessary in larger or more complex applications. |
|
|
|
|
|
|
|
|
|
For example Flask uses thread local objects internally so that you don't |
|
|
|
|
For example, Flask uses thread-local objects internally so that you don't |
|
|
|
|
have to pass objects around from function to function within a request in |
|
|
|
|
order to stay threadsafe. While this is a really easy approach and saves |
|
|
|
|
you a lot of time, it also does not scale well to large applications. |
|
|
|
|
It's especially painful for more complex unittests and when you suddenly |
|
|
|
|
have to deal with code being executed outside of the context of a request |
|
|
|
|
(for example if you have cronjobs). |
|
|
|
|
|
|
|
|
|
Flask provides some tools to deal with the downsides of this approach but |
|
|
|
|
the core problem of this approach obviously stays. It is also based on |
|
|
|
|
convention over configuration which means that a lot of things are |
|
|
|
|
preconfigured in Flask and will work well for smaller applications but not |
|
|
|
|
so much for larger ones (where and how it looks for templates, static |
|
|
|
|
files etc.) |
|
|
|
|
|
|
|
|
|
But don't worry if your application suddenly grows larger than it was |
|
|
|
|
initially and you're afraid Flask might not grow with it. Even with |
|
|
|
|
larger frameworks you sooner or later will find out that you need |
|
|
|
|
It's especially painful for more complex unittests, and when you suddenly |
|
|
|
|
have to deal with code being executed outside of the context of a request, |
|
|
|
|
such as in cron jobs. |
|
|
|
|
|
|
|
|
|
Flask provides some tools to deal with the downsides of this approach, but |
|
|
|
|
the core problem remains. Flask is also based on convention over |
|
|
|
|
configuration, which means that many things are preconfigured and will |
|
|
|
|
work well for smaller applications but not so well for larger ones. For |
|
|
|
|
example, by convention, templates and static files are in subdirectories |
|
|
|
|
within the Python source tree of the application. |
|
|
|
|
|
|
|
|
|
But don't worry if your application suddenly grows larger |
|
|
|
|
and you're afraid Flask might not grow with it. Even with |
|
|
|
|
larger frameworks, you'll eventually discover that you need |
|
|
|
|
something the framework just cannot do for you without modification. |
|
|
|
|
If you are ever in that situation, check out the :ref:`becomingbig` |
|
|
|
|
chapter. |
|
|
|
|
|
|
|
|
|
A Framework and An Example |
|
|
|
|
A Framework and an Example |
|
|
|
|
-------------------------- |
|
|
|
|
|
|
|
|
|
Flask is not only a microframework, it is also an example. Based on |
|
|
|
|
Flask is not only a microframework; it is also an example. Based on |
|
|
|
|
Flask, there will be a series of blog posts that explain how to create a |
|
|
|
|
framework. Flask itself is just one way to implement a framework on top |
|
|
|
|
of existing libraries. Unlike many other microframeworks Flask does not |
|
|
|
|
try to implement anything on its own, it reuses existing code. |
|
|
|
|
of existing libraries. Unlike many other microframeworks, Flask does not |
|
|
|
|
try to implement everything on its own; it reuses existing code. |
|
|
|
|
|
|
|
|
|
Web Development is Dangerous |
|
|
|
|
---------------------------- |
|
|
|
|
|
|
|
|
|
I'm not even joking. Well, maybe a little. If you write a web |
|
|
|
|
application you are probably allowing users to register and leave their |
|
|
|
|
I'm not joking. Well, maybe a little. If you write a web |
|
|
|
|
application, you are probably allowing users to register and leave their |
|
|
|
|
data on your server. The users are entrusting you with data. And even if |
|
|
|
|
you are the only user that might leave data in your application, you still |
|
|
|
|
want that data to be stored in a secure manner. |
|
|
|
|
want that data to be stored securely. |
|
|
|
|
|
|
|
|
|
Unfortunately there are many ways security of a web application can be |
|
|
|
|
Unfortunately, there are many ways the security of a web application can be |
|
|
|
|
compromised. Flask protects you against one of the most common security |
|
|
|
|
problems of modern web applications: cross site scripting (XSS). Unless |
|
|
|
|
you deliberately mark insecure HTML as secure Flask (and the underlying |
|
|
|
|
Jinja2 template engine) have you covered. But there are many more ways to |
|
|
|
|
problems of modern web applications: cross-site scripting (XSS). Unless |
|
|
|
|
you deliberately mark insecure HTML as secure, Flask and the underlying |
|
|
|
|
Jinja2 template engine have you covered. But there are many more ways to |
|
|
|
|
cause security problems. |
|
|
|
|
|
|
|
|
|
Whenever something is dangerous where you have to watch out, the |
|
|
|
|
documentation will tell you so. Some of the security concerns of web |
|
|
|
|
development are far more complex than one might think and often we all end |
|
|
|
|
up in situations where we think "well, this is just far fetched, how could |
|
|
|
|
that possibly be exploited" and then an intelligent guy comes along and |
|
|
|
|
figures a way out to exploit that application. And don't think, your |
|
|
|
|
application is not important enough for hackers to take notice. Depending |
|
|
|
|
on the kind of attack, chances are there are automated botnets out there |
|
|
|
|
trying to figure out how to fill your database with viagra advertisements. |
|
|
|
|
The documentation will warn you about aspects of web development that |
|
|
|
|
require attention to security. Some of these security concerns |
|
|
|
|
are far more complex than one might think, and we all sometimes underestimate |
|
|
|
|
the likelihood that a vulnerability will be exploited, until a clever |
|
|
|
|
attacker figures out a way to exploit our applications. And don't think |
|
|
|
|
that your application is not important enough to attract an attacker. |
|
|
|
|
Depending on the kind of attack, chances are that automated bots are |
|
|
|
|
probing for ways to fill your database with spam, links to malicious |
|
|
|
|
software, and the like. |
|
|
|
|
|
|
|
|
|
So always keep that in mind when doing web development. |
|
|
|
|
So always keep security in mind when doing web development. |
|
|
|
|
|
|
|
|
|
Target Audience |
|
|
|
|
--------------- |
|
|
|
|
|
|
|
|
|
Is Flask for you? If your application small-ish and does not depend on |
|
|
|
|
too complex database structures, Flask is the Framework for you. It was |
|
|
|
|
designed from the ground up to be easy to use, based on established |
|
|
|
|
principles, good intentions and on top of two established libraries in |
|
|
|
|
widespread usage. Recent versions of Flask scale nicely within reasonable |
|
|
|
|
bounds and if you grow larger, you won't have any troubles adjusting Flask |
|
|
|
|
Is Flask for you? If your application is small-ish and does not depend on |
|
|
|
|
very complex database structures, Flask is the Framework for you. It was |
|
|
|
|
designed from the ground up to be easy to use, and built on the firm |
|
|
|
|
foundation of established principles, good intentions, and mature, widely |
|
|
|
|
used libraries. Recent versions of Flask scale nicely within reasonable |
|
|
|
|
bounds, and if you grow larger, you won't have any trouble adjusting Flask |
|
|
|
|
for your new application size. |
|
|
|
|
|
|
|
|
|
If you suddenly discover that your application grows larger than |
|
|
|
|
originally intended, head over to the :ref:`becomingbig` section to see |
|
|
|
|
some possible solutions for larger applications. |
|
|
|
|
|
|
|
|
|
Satisfied? Then head over to the :ref:`installation`. |
|
|
|
|
Satisfied? Then let's proceed with :ref:`installation`. |
|
|
|
|
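Review bot: In the "A Framework and an Example" paragraph, replacing "does not try to implement anything on its own, it reuses existing code" with "does not try to implement everything on its own; it reuses existing code" changes the claim, not just the punctuation. The old sentence says Flask implements nothing itself, while the new one only says it does not implement all of it. If this is meant as a copy edit, keep "anything"; if the weaker claim is intended, state that in the commit message. Two smaller consistency points in the same hunk: the Target Audience paragraph still reads "Flask is the Framework for you" with a capital F, and "unittests" and "threadsafe" remain single words although "cronjobs" became "cron jobs" and "thread local" became "thread-local".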