CSC/ECE 517 Fall 2014/ch1a 7 kz
Background
“Web2py is an open source web application framework written in the Python programming language.” Web2py started as an educational tool: in October 2007, Massimo Di Pierro developed it as a way to introduce his students to web programming. From this, it quickly grew through user adoption to become a strong competitor to Django, another Python-based web framework. Web2py is described as a “full-stack framework”, which means that everything necessary to build a functioning web application is contained in the framework.
Key Features
Security
Web2py addresses many issues related to security vulnerabilities.
- Validates all input to prevent database injections
- Escapes all output to prevent cross-site scripting
- Renames uploaded files to prevent directory traversal attacks
By following established web security practices, web2py helps prevent some of the most common security attacks, “so developers have less chances of introducing vulnerabilities”.
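The three defences listed above, sketched with only the Python standard library as an added example. This is not web2py's own code; the function names, the extension allow-list and the stored file-name pattern are assumptions made for the illustration.

```python
import html
import os
import sqlite3
import uuid

ALLOWED_EXT = {".png", ".jpg", ".gif", ".txt"}  # assumption: example allow-list

def find_person(conn, name):
    """Bind user input as a parameter; it is never spliced into the SQL text."""
    cur = conn.execute("SELECT name FROM person WHERE name = ?", (name,))
    return [row[0] for row in cur.fetchall()]

def render_greeting(name):
    """Escape user-controlled text before placing it in HTML output."""
    return "<p>Hello, {}</p>".format(html.escape(name, quote=True))

def stored_upload_name(client_filename):
    """Discard the client-supplied name; keep only an allow-listed extension."""
    ext = os.path.splitext(client_filename)[1].lower()
    if ext not in ALLOWED_EXT:
        ext = ".bin"
    # Assumed naming pattern: table.field.<random hex><ext>
    return "person.image.{}{}".format(uuid.uuid4().hex, ext)

def save_upload(upload_dir, client_filename, data):
    """Write the upload under a server-generated name inside upload_dir."""
    root = os.path.realpath(upload_dir)
    path = os.path.realpath(os.path.join(root, stored_upload_name(client_filename)))
    if os.path.commonpath([root, path]) != root:
        raise ValueError("upload path escapes the upload directory")
    with open(path, "wb") as fh:
        fh.write(data)
    return path

def demo():
    """Run a hostile and a benign lookup against a constructed table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (name TEXT)")
    conn.executemany("INSERT INTO person VALUES (?)", [("alice",), ("bob",)])
    hostile = "x' OR '1'='1"  # constructed input
    return find_person(conn, hostile), find_person(conn, "alice")
```

Because the stored name is generated on the server, a client file name such as `../../etc/passwd` contributes nothing but an (allow-listed) extension to the path that is written.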
Database Abstraction Layer
Web2py includes, by default, a Database Abstraction Layer (DAL) that is capable of dynamically writing SQL for the most popular database management systems (DBMS) including, among others:
- SQLite
- MySQL
- Oracle
Web 2.0
According to web2py’s own documentation, it is the only web framework to fully embrace the Web 2.0 paradigm. Web 2.0 describes changes to the way that web pages are created and used rather than an update to any technical specification. Web2py accomplishes this by not requiring any installation or configuration and running on any architecture that can run Python.
Examples
Through the use of a DAL, web2py provides for simple ways to create database tables for web applications. In this example, a database table called person is created with two fields. What is powerful is that if the table already exists and does not match this definition, it is updated.
db.define_table('person', Field('name'), Field('image', 'upload'))
The following example code embeds a fully working wiki.
def index():
    return auth.wiki()
The following example prevents a visitor from accessing a function unless the visitor has read permission on person.
@auth.requires_permission('read', 'person')
def f():
    ...
Narration
Architecture
Like most popular web frameworks, web2py uses a Model View Controller (MVC) architecture [x]. In an MVC architecture the user’s request goes through the controller, which requests information from the model (usually some type of database) and then passes it along to the view for rendering. This type of architecture separates the data, the logic and the user interface into separate components, making them more modular and maintainable.
The framework itself is very portable. It can run on any operating system that supports Python, which means it will work on most cloud services like Amazon EC2 and Google App Engine. It also supports numerous databases including SQLite, MySQL, MSSQL, MariaDB, Oracle, etc. [x] Not only that, it can speak multiple protocols like REST, XML/HTML, and JSON, among others. [x] This is a great example of web2py’s MVC architecture coming into play: the database (model) or the protocol (view) can be switched around with very little work.
Web2py is split into a few major components. The lowest component is the Python interpreter. Right above that there is a web server to serve web pages. By default, web2py comes with Rocket, but it can be switched for a third-party web server like Apache or nginx. Running on top of that are the web2py core libraries, which contain the code that handles HTTP requests, responses, cookies, the database APIs (ORM), the templating engine and other helpers. Finally, on top of that is where all the applications the developer writes will go. By default, web2py comes with a few example and admin applications, but they can be removed and new ones can be added either through the admin GUI or through the actual codebase itself.
Comparison
Web2py most often gets associated with Django, another Python web framework, and Rails, a web framework based on Ruby. Web2py is heavily inspired by both of those frameworks. [x] Like Rails and Django, web2py also follows an MVC architecture and has a templating engine and an ORM (Object Relational Mapper).
However, unlike Django and Rails, web2py is a lot more lightweight. One of the most appealing features of web2py is that web2py “applications” can be created and imported into the server via an admin interface. [x] Unlike Rails and Django, you do not have to open up a text editor and create models by hand; you can do it using a graphical interface. You can also package and download applications from the server so you can import them elsewhere. Web2py is also one of the few frameworks to adopt the Web 2.0 paradigm. [x]
In summary, web2py has a lot of things in common with other frameworks like Rails and Django. The syntax for the ORM and the templating might be different between the different frameworks, but they all use the MVC framework and have the same underlying concept. Where web2py really beats the other frameworks is its size; it is very lightweight, but still contains all the features the other ORMs have!