CSC/ECE 517 Fall 2014/ch1a 7 kz: Difference between revisions

From Expertiza_Wiki
Jump to navigation Jump to search
Line 49: Line 49:


<div style="float: right;">
<div style="float: right;">
[[File:Web2PyArchSlide.png|frame|Fig 1:Overview of the architecture of web2py]]<ref name="web2PyArchSlide">[https://dl.dropboxusercontent.com/u/18065445/Slides/PySFTalkSlides.pdf], "web2py, ideas we stole - ideas we had". Retrieved 18 September 2014.</ref>
[[File:Web2PyArchSlide.png|frame|Fig 1: Overview of the architecture of web2py]]<ref name="web2PyArchSlide">[https://dl.dropboxusercontent.com/u/18065445/Slides/PySFTalkSlides.pdf], "web2py, ideas we stole - ideas we had". Retrieved 18 September 2014.</ref>
</div>
</div>



Revision as of 18:49, 18 September 2014

Background

“Web2py is an open source web application framework written in the Python programming language.”<ref>[1], Web2py. Retrieved 18 September 2014.</ref> Web2py originally started as an educational tool when, in October 2007, Massimo Di Pierro developed web2py as a way to introduce his students to web programming. From this, it quickly grew through user adoption to become a strong competitor to Django, another python based web framework. Web2py is described as a “full-stack framework” which means that everything to necessary to build a functioning web application is contained in the framework.<ref name="web2PyOnlineBook">[2],"Web2py Online Book". Retrieved 18 September 2014.</ref>


Key Features

Security

Web2py addresses many issues related to security vulnerabilities.

  1. Validates all input to prevent database injections
  2. Escapes all output to prevent cross-site scripting
  3. Renames uploaded files to prevent directory traversal attacks

By following established web security practices, web2py helps prevent some of the most popular security attack, “so developers have less chances of introducing vulnerabilities”. <ref name="web2PyOnlineBook" />

Database Abstraction Layer

Web2py includes, by default, a Database Abstraction Layer (DAL) that is capable of dynamically writing SQL for the most popular database management systems (DBMS) including, among others:

  1. SQLite
  2. MySqL
  3. Oracle

Web 2.0

According to web2py’s own documentation, it is the only web framework to fully embrace the Web 2.0 paradigm. Web 2.0 describes changes to the way that web pages are created and used rather than an update to any technical specification.<ref>[3], "Web 2.0". Retrieved 18 September 2014.</ref> Web2py accomplishes this by not requiring any installation or configuration and running on any architecture that can run python.

Examples

Through the use of a DAL, web2py provides for simple ways to create database tables for web applications. In this example, a database table called person is created with two fields. What is powerful is that if the table already exists and does not match this definition, it is updated.

db.define_table('person', Field('name'), Field('image', 'upload'))

The following example code embeds a fully working wiki.

def index(): return auth.wiki()

The following example prevents a visitor from accessing a function unless the member has read permissions.

@auth.requires_permission('read','person')
   def f(): ....

Narration

Architecture

Like most popular web frameworks, web2py uses a Model View Controller (MVC) architecture. <ref name="aboutWeb2Py">[4], "What is web2py?". Retrieved 18 September 2014.</ref> In an MVC architecture the user’s request goes through the controller, which requests information from the model (usually some type of database) and then passes it along to the view for renderer. This type of architecture separates the data, logic and the user interfaces into separate components, making them more modular and maintainable.

The framework itself is very portable. It can run on any operating system that supports Python which means it will work on most cloud services like Amazon EC2 and Google App Engine. It also supports numerous databases including SQLite, MySQL, MSSQL, MariaDB, Oracle etc.. <ref name="aboutWeb2Py" />. Not only that, it can speak multiple protocols like REST, XML/HTML, and JSON among others. <ref name="aboutWeb2Py" /> This is a great example of web2py’s MVC architecture coming into play. The database (model) or the protocol (view) can be switched around with very little work.

Fig 1: Overview of the architecture of web2py
<ref name="web2PyArchSlide">[5], "web2py, ideas we stole - ideas we had". Retrieved 18 September 2014.</ref>


According to the slide seen on the right, web2Py is split into a few major components. <ref name="web2PyArchSlide" />The lowest component in the python interpreter. Right above that there is a web server to serve web pages. By default, web2py comes with rocket, but it can be switched for third party web server like Apache or nginx. Running on top of that are the web2py core libraries. This contains the code that handles HTTP requests, responses, cookies, the database APIs (ORM), templating engine and other helpers. Finally, on top of that is where all the applications the developer writes will go. By default, web2py comes with a few example and admin applications, but they can be removed and new ones can be added either through the admin GUI or through the actual codebase itself.

Comparison

Web2py most often gets associated with Django, another Python web framework, and Rails, a web framework based on Ruby. Web2py is heavily inspired by both of those frameworks. [x] Like Rails and Django, web2py also follows a MVC architecture, has a templating engine and an ORM (Object Relational Mapper). Web2py has a few unique features that it’s competitors don’t have. One of the most appealing features of web2py is that web2py “applications” can be created and imported into the server via a admin web interface. [x] Unlike Rails and Django, you do not have to open up a text editor and create models by hand, you can do it using a graphical interface. You can also package and download applications from the server so you can import it elsewhere. Web2py is also one of the few frameworks to properly adopt the Web 2.0 paradigm. It is also very lightweight compared to most other web frameworks that have similar feature lists.

Django

Django and web2py have a lot of things in common. Firstly, they are both Python web MVC frameworks, which means the basic flow of control is the same. A user request gets routed to the controller, which will consult the model(s) and generate some kind of output. Django is the more popular framework out of the two. A few popular sites built using Django are Mozilla, Pinterest and Instagram. <ref name="djangoWeb2PyCompare">[6], "Comparing Django, TurboGears2 and Web2py". Retrieved 18 September 2014.</ref> However, Web2py supports a more variety of database engines than Django does and is a lot more lightweight to install and run. <ref name="djangoWeb2PyCompare" />

Rails

Rails and web2py both follow the MVC architectural pattern. However, Rails applications are written in Ruby and web2py applications are written in Python. One of the main advantages of web2py vs Rails is the installation process. To install Rails, you have to install Ruby, gems and other database and database plugins; installation of web2py is as easy and installing Python and unzipping a zip file. <ref name="railsVsWeb2Py">[7], "Rails vs Web2py". Retrieved 18 September 2014.</ref> Other things such as user/role support, uploading files are supported by web2py but plugins are needed for them for Rails. <ref name="railsVsWeb2Py" />

In summary, web2py has a lot of things common with other framework like Rails and Django. The syntax for the ORM and the templating might be different between the different frameworks, but they all use the MVC framework and have the same underlying concept. Where web2py really beats the other frameworks is it’s size; it’s very lightweight, but still contains all the features the other ORMs have!

Hyperlinks to important terms

  • Python
  • Full-Stack Framework
  • Django
  • Ruby-On-Rails
  • Database Abstraction Layer (DAL)
  • Model-View-Controller (MVC)
  • Database Management System (DBMS)

References

<references/>