Python and the web
Or why you should use Python for your next web project
Alan Kennedy
alan@xhaus.com
History of Python on the web: before WSGI
- First ever object publishing system for the web in 1994: Jim Fulton's Zope (née Bobo)
- Plethora of competing frameworks, all incompatible.
- Plethora of "linkage" models: CGI, FastCGI, mod_python, bespoke servers, bespoke protocols, etc.
- Incompatibility meant it was very difficult to integrate frameworks
History of Python on the web: WSGI
- Philip J. Eby saw the need to introduce a unifying concept: WSGI is born
- WSGI eliminated many dependencies on deployment environment: same application/framework runs on every platform, in any environment
- Can run under different implementations of the interpreter: Jython, IronPython, PyPy
- Simplifies testing, portability, scaling, etc, etc, etc, etc
- Extensively adopted in other languages: Rack (Ruby), Plack (Perl), JSGI (JavaScript), etc
What is required from a modern web framework?
- Ease of use!
- Shallow learning curve!
- Powerful!
- Flexible!
- Everything, in a bucket, with a fried egg on top. And don't skimp on the pate!
URI to functionality mapping: consuming URIs
- Mapping request URI to code that will return the appropriate response
- Inline with code? E.g. Decorators?
- In a map in the code? E.g. Dictionary mapping strings to callables?
- In a separate config file? Host language syntax? Regex? DSL?
- Everything should be callable!
- Fungibility is the Python way!
URI to functionality mapping: generating URIs
- Reversibility
- How to generate URIs that index back into the application?
- Cross application URIs: same problem
- Internationalised domain names
- Unicode path names
- Unicode parameters
Form handling
- Processing user input, no matter what
  - Query string parameter
  - POST data
- Security: CSRF attacks, Injection Attacks
- Encoding attacks: UTF-7
- Newer threats: Homoglyph attacks
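The form-handling concerns above, combined with the "dictionary mapping strings to callables" option from the URI mapping slide, as an added example that is not code from the original slides. The route "/greet", the parameter "name" and the helper call() are hypothetical names chosen for illustration, and the requests are constructed.

```python
from html import escape
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults

def greet(environ):
    # Query string parameters are untrusted input; parse_qs decodes them as UTF-8.
    params = parse_qs(environ.get("QUERY_STRING", ""))
    name = params.get("name", ["world"])[0]
    # Escape on output so markup in the parameter is rendered as text, not HTML.
    return "200 OK", "<p>Hello, %s!</p>" % escape(name, quote=True)

def not_found(environ):
    # The request path is user-controlled too, so it is escaped as well.
    path = environ.get("PATH_INFO", "")
    return "404 Not Found", "<p>No handler for %s</p>" % escape(path, quote=True)

# URI-to-functionality map: a dictionary from path strings to callables.
ROUTES = {"/greet": greet}

def application(environ, start_response):
    handler = ROUTES.get(environ.get("PATH_INFO", ""), not_found)
    status, html = handler(environ)
    body = html.encode("utf-8")
    start_response(status, [
        # An explicit charset stops a browser from guessing the encoding,
        # which is what UTF-7 encoding attacks depend on.
        ("Content-Type", "text/html; charset=utf-8"),
        ("Content-Length", str(len(body))),
    ])
    return [body]

def call(path, query=""):
    """Drive the WSGI app in-process with a constructed request (no server)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    environ["QUERY_STRING"] = query
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)
    body = b"".join(application(environ, start_response)).decode("utf-8")
    return captured["status"], captured["headers"], body

if __name__ == "__main__":
    print(call("/greet", "name=%3Cscript%3Ealert(1)%3C/script%3E"))
    print(call("/greet", "name=%2BADw-script%2BAD4-"))  # UTF-7 spelling of <script>
```

Because application is a plain WSGI callable, the same function can be served unchanged by any WSGI server, for example wsgiref.simple_server.make_server.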
Internationalisation
- Python has excellent support for transcoding
- Python supports source code files in any encoding: # -*- coding: utf-8 -*-
- UCS-2 (CPython) vs UTF-16 (Jython, IronPython)
Session handling
- Undeniably needed in many scenarios: authentication, authorisation, state, preferences, history
- Can it be disabled?
- Required for REST APIs.
- Security: session hijacking.
Caching
- Fundamental on the modern web, primarily for expedient scalability
- Can control caching headers? E.g. Cache-Control?
- Built-in caching support? Memcached, etc
Authentication and Authorisation
- Need to identify and authorise the user
- Integration with identity stores: LDAP, Kerberos, etc
- Authorisation: need to model some form of permissions system
Returning resources: templating languages
- In Python: very easy to create: 1001 ways to do it.
- Generate textual formats: HTML, XML, JSON.
- Preventing XSS attacks.
Object relational modelling: the requirements
- Mapping object models to relational storage
- Automatic schema management
  - Table and index, creation and deletion
  - Schema updates, column addition and deletion
- Simplified query generation
Object relational modelling: the implementations
- SQLAlchemy: best of breed, full featured, steep learning curve
- Django ORM
  - Full featured
  - Shallow learning curve
  - Can express most queries
  - Tightly integrated with framework
  - Automated database administration forms
Web frameworks: the future
- Cloudy services in a cloudy world
- Seamless composability
- Network facing
- Standardised protocols: HTTP, HTTPS
Fin!