Copy edited and partially rewrote the foreword.
This commit is contained in:
Matt Campbell
Armin Ronacher
parent
14fde07798
commit
f3dd3da59e
2 changed files with 52 additions and 52 deletions
|
|
@ -1,9 +1,9 @@
|
|||
User's Guide
|
||||
------------
|
||||
|
||||
This part of the documentation is written text and should give you an idea
|
||||
how to work with Flask. It's a series of step-by-step instructions for
|
||||
web development.
|
||||
This part of the documentation, which is mostly prose, begins with some
|
||||
background information about Flask, then focuses on step-by-step
|
||||
instructions for web development with Flask.
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 2
|
||||
|
|
|
|||
|
|
@ -2,90 +2,90 @@ Foreword
|
|||
========
|
||||
|
||||
Read this before you get started with Flask. This hopefully answers some
|
||||
questions about the intention of the project, what it aims at and when you
|
||||
questions about the purpose and goals of the project, and when you
|
||||
should or should not be using it.
|
||||
|
||||
What does Micro Mean?
|
||||
---------------------
|
||||
What does "micro" mean?
|
||||
-----------------------
|
||||
|
||||
The micro in microframework for me means on the one hand being small in
|
||||
size and complexity but on the other hand also that the complexity of the
|
||||
applications that are written with these frameworks do not exceed a
|
||||
certain size. A microframework like Flask sacrifices a few things in
|
||||
order to be approachable and to be as concise as possible.
|
||||
To me, the "micro" in microframework refers not only to the simplicity and
|
||||
small size of the framework, but also to the typically limited complexity
|
||||
and size of applications that are written with the framework. To be
|
||||
approachable and concise, a microframework sacrifices a few features that
|
||||
may be necessary in larger or more complex applications.
|
||||
|
||||
For example Flask uses thread local objects internally so that you don't
|
||||
For example, Flask uses thread-local objects internally so that you don't
|
||||
have to pass objects around from function to function within a request in
|
||||
order to stay threadsafe. While this is a really easy approach and saves
|
||||
you a lot of time, it also does not scale well to large applications.
|
||||
It's especially painful for more complex unittests and when you suddenly
|
||||
have to deal with code being executed outside of the context of a request
|
||||
(for example if you have cronjobs).
|
||||
It's especially painful for more complex unittests, and when you suddenly
|
||||
have to deal with code being executed outside of the context of a request,
|
||||
such as in cron jobs.
|
||||
|
||||
Flask provides some tools to deal with the downsides of this approach but
|
||||
the core problem of this approach obviously stays. It is also based on
|
||||
convention over configuration which means that a lot of things are
|
||||
preconfigured in Flask and will work well for smaller applications but not
|
||||
so much for larger ones (where and how it looks for templates, static
|
||||
files etc.)
|
||||
Flask provides some tools to deal with the downsides of this approach, but
|
||||
the core problem remains. Flask is also based on convention over
|
||||
configuration, which means that many things are preconfigured and will
|
||||
work well for smaller applications but not so well for larger ones. For
|
||||
example, by convention, templates and static files are in subdirectories
|
||||
within the Python source tree of the application.
|
||||
|
||||
But don't worry if your application suddenly grows larger than it was
|
||||
initially and you're afraid Flask might not grow with it. Even with
|
||||
larger frameworks you sooner or later will find out that you need
|
||||
But don't worry if your application suddenly grows larger
|
||||
and you're afraid Flask might not grow with it. Even with
|
||||
larger frameworks, you'll eventually discover that you need
|
||||
something the framework just cannot do for you without modification.
|
||||
If you are ever in that situation, check out the :ref:`becomingbig`
|
||||
chapter.
|
||||
|
||||
A Framework and An Example
|
||||
A Framework and an Example
|
||||
--------------------------
|
||||
|
||||
Flask is not only a microframework, it is also an example. Based on
|
||||
Flask is not only a microframework; it is also an example. Based on
|
||||
Flask, there will be a series of blog posts that explain how to create a
|
||||
framework. Flask itself is just one way to implement a framework on top
|
||||
of existing libraries. Unlike many other microframeworks Flask does not
|
||||
try to implement anything on its own, it reuses existing code.
|
||||
of existing libraries. Unlike many other microframeworks, Flask does not
|
||||
try to implement everything on its own; it reuses existing code.
|
||||
|
||||
Web Development is Dangerous
|
||||
----------------------------
|
||||
|
||||
I'm not even joking. Well, maybe a little. If you write a web
|
||||
application you are probably allowing users to register and leave their
|
||||
I'm not joking. Well, maybe a little. If you write a web
|
||||
application, you are probably allowing users to register and leave their
|
||||
data on your server. The users are entrusting you with data. And even if
|
||||
you are the only user that might leave data in your application, you still
|
||||
want that data to be stored in a secure manner.
|
||||
want that data to be stored securely.
|
||||
|
||||
Unfortunately there are many ways security of a web application can be
|
||||
Unfortunately, there are many ways the security of a web application can be
|
||||
compromised. Flask protects you against one of the most common security
|
||||
problems of modern web applications: cross site scripting (XSS). Unless
|
||||
you deliberately mark insecure HTML as secure Flask (and the underlying
|
||||
Jinja2 template engine) have you covered. But there are many more ways to
|
||||
problems of modern web applications: cross-site scripting (XSS). Unless
|
||||
you deliberately mark insecure HTML as secure, Flask and the underlying
|
||||
Jinja2 template engine have you covered. But there are many more ways to
|
||||
cause security problems.
|
||||
|
||||
Whenever something is dangerous where you have to watch out, the
|
||||
documentation will tell you so. Some of the security concerns of web
|
||||
development are far more complex than one might think and often we all end
|
||||
up in situations where we think "well, this is just far fetched, how could
|
||||
that possibly be exploited" and then an intelligent guy comes along and
|
||||
figures a way out to exploit that application. And don't think, your
|
||||
application is not important enough for hackers to take notice. Depending
|
||||
on the kind of attack, chances are there are automated botnets out there
|
||||
trying to figure out how to fill your database with viagra advertisements.
|
||||
The documentation will warn you about aspects of web development that
|
||||
require attention to security. Some of these security concerns
|
||||
are far more complex than one might think, and we all sometimes underestimate
|
||||
the likelihood that a vulnerability will be exploited, until a clever
|
||||
attacker figures out a way to exploit our applications. And don't think
|
||||
that your application is not important enough to attract an attacker.
|
||||
Depending on the kind of attack, chances are that automated bots are
|
||||
probing for ways to fill your database with spam, links to malicious
|
||||
software, and the like.
|
||||
|
||||
So always keep that in mind when doing web development.
|
||||
So always keep security in mind when doing web development.
|
||||
|
||||
Target Audience
|
||||
---------------
|
||||
|
||||
Is Flask for you? If your application small-ish and does not depend on
|
||||
too complex database structures, Flask is the Framework for you. It was
|
||||
designed from the ground up to be easy to use, based on established
|
||||
principles, good intentions and on top of two established libraries in
|
||||
widespread usage. Recent versions of Flask scale nicely within reasonable
|
||||
bounds and if you grow larger, you won't have any troubles adjusting Flask
|
||||
Is Flask for you? If your application is small-ish and does not depend on
|
||||
very complex database structures, Flask is the Framework for you. It was
|
||||
designed from the ground up to be easy to use, and built on the firm
|
||||
foundation of established principles, good intentions, and mature, widely
|
||||
used libraries. Recent versions of Flask scale nicely within reasonable
|
||||
bounds, and if you grow larger, you won't have any trouble adjusting Flask
|
||||
for your new application size.
|
||||
|
||||
If you suddenly discover that your application grows larger than
|
||||
originally intended, head over to the :ref:`becomingbig` section to see
|
||||
some possible solutions for larger applications.
|
||||
|
||||
Satisfied? Then head over to the :ref:`installation`.
|
||||
Satisfied? Then let's proceed with :ref:`installation`.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue