diff --git a/docs/contents.rst.inc b/docs/contents.rst.inc index f0c21010..e924202e 100644 --- a/docs/contents.rst.inc +++ b/docs/contents.rst.inc @@ -1,9 +1,9 @@ User's Guide ------------ -This part of the documentation is written text and should give you an idea -how to work with Flask. It's a series of step-by-step instructions for -web development. +This part of the documentation, which is mostly prose, begins with some +background information about Flask, then focuses on step-by-step +instructions for web development with Flask. .. toctree:: :maxdepth: 2 diff --git a/docs/foreword.rst b/docs/foreword.rst index fe466dab..de6b4980 100644 --- a/docs/foreword.rst +++ b/docs/foreword.rst @@ -2,90 +2,90 @@ Foreword ======== Read this before you get started with Flask. This hopefully answers some -questions about the intention of the project, what it aims at and when you +questions about the purpose and goals of the project, and when you should or should not be using it. -What does Micro Mean? ---------------------- +What does "micro" mean? +----------------------- -The micro in microframework for me means on the one hand being small in -size and complexity but on the other hand also that the complexity of the -applications that are written with these frameworks do not exceed a -certain size. A microframework like Flask sacrifices a few things in -order to be approachable and to be as concise as possible. +To me, the "micro" in microframework refers not only to the simplicity and +small size of the framework, but also to the typically limited complexity +and size of applications that are written with the framework. To be +approachable and concise, a microframework sacrifices a few features that +may be necessary in larger or more complex applications. -For example Flask uses thread local objects internally so that you don't +For example, Flask uses thread-local objects internally so that you don't have to pass objects around from function to function within a request in order to stay threadsafe. While this is a really easy approach and saves you a lot of time, it also does not scale well to large applications. -It's especially painful for more complex unittests and when you suddenly -have to deal with code being executed outside of the context of a request -(for example if you have cronjobs). - -Flask provides some tools to deal with the downsides of this approach but -the core problem of this approach obviously stays. It is also based on -convention over configuration which means that a lot of things are -preconfigured in Flask and will work well for smaller applications but not -so much for larger ones (where and how it looks for templates, static -files etc.) - -But don't worry if your application suddenly grows larger than it was -initially and you're afraid Flask might not grow with it. Even with -larger frameworks you sooner or later will find out that you need +It's especially painful for more complex unittests, and when you suddenly +have to deal with code being executed outside of the context of a request, +such as in cron jobs. + +Flask provides some tools to deal with the downsides of this approach, but +the core problem remains. Flask is also based on convention over +configuration, which means that many things are preconfigured and will +work well for smaller applications but not so well for larger ones. For +example, by convention, templates and static files are in subdirectories +within the Python source tree of the application. + +But don't worry if your application suddenly grows larger +and you're afraid Flask might not grow with it. Even with +larger frameworks, you'll eventually discover that you need something the framework just cannot do for you without modification. If you are ever in that situation, check out the :ref:`becomingbig` chapter. -A Framework and An Example +A Framework and an Example -------------------------- -Flask is not only a microframework, it is also an example. Based on +Flask is not only a microframework; it is also an example. Based on Flask, there will be a series of blog posts that explain how to create a framework. Flask itself is just one way to implement a framework on top -of existing libraries. Unlike many other microframeworks Flask does not -try to implement anything on its own, it reuses existing code. +of existing libraries. Unlike many other microframeworks, Flask does not +try to implement everything on its own; it reuses existing code. Web Development is Dangerous ---------------------------- -I'm not even joking. Well, maybe a little. If you write a web -application you are probably allowing users to register and leave their +I'm not joking. Well, maybe a little. If you write a web +application, you are probably allowing users to register and leave their data on your server. The users are entrusting you with data. And even if you are the only user that might leave data in your application, you still -want that data to be stored in a secure manner. +want that data to be stored securely. -Unfortunately there are many ways security of a web application can be +Unfortunately, there are many ways the security of a web application can be compromised. Flask protects you against one of the most common security -problems of modern web applications: cross site scripting (XSS). Unless -you deliberately mark insecure HTML as secure Flask (and the underlying -Jinja2 template engine) have you covered. But there are many more ways to +problems of modern web applications: cross-site scripting (XSS). Unless +you deliberately mark insecure HTML as secure, Flask and the underlying +Jinja2 template engine have you covered. But there are many more ways to cause security problems. -Whenever something is dangerous where you have to watch out, the -documentation will tell you so. Some of the security concerns of web -development are far more complex than one might think and often we all end -up in situations where we think "well, this is just far fetched, how could -that possibly be exploited" and then an intelligent guy comes along and -figures a way out to exploit that application. And don't think, your -application is not important enough for hackers to take notice. Depending -on the kind of attack, chances are there are automated botnets out there -trying to figure out how to fill your database with viagra advertisements. +The documentation will warn you about aspects of web development that +require attention to security. Some of these security concerns +are far more complex than one might think, and we all sometimes underestimate +the likelihood that a vulnerability will be exploited, until a clever +attacker figures out a way to exploit our applications. And don't think +that your application is not important enough to attract an attacker. +Depending on the kind of attack, chances are that automated bots are +probing for ways to fill your database with spam, links to malicious +software, and the like. -So always keep that in mind when doing web development. +So always keep security in mind when doing web development. Target Audience --------------- -Is Flask for you? If your application small-ish and does not depend on -too complex database structures, Flask is the Framework for you. It was -designed from the ground up to be easy to use, based on established -principles, good intentions and on top of two established libraries in -widespread usage. Recent versions of Flask scale nicely within reasonable -bounds and if you grow larger, you won't have any troubles adjusting Flask +Is Flask for you? If your application is small-ish and does not depend on +very complex database structures, Flask is the Framework for you. It was +designed from the ground up to be easy to use, and built on the firm +foundation of established principles, good intentions, and mature, widely +used libraries. Recent versions of Flask scale nicely within reasonable +bounds, and if you grow larger, you won't have any trouble adjusting Flask for your new application size. If you suddenly discover that your application grows larger than originally intended, head over to the :ref:`becomingbig` section to see some possible solutions for larger applications. -Satisfied? Then head over to the :ref:`installation`. +Satisfied? Then let's proceed with :ref:`installation`.