A web development python framework

PRESENTED BY :
PRESENTED BY :
SAQIB SAUD C
SAQIB SAUD C
II MCA
II MCA
OUTLINE:

• Introduction to Django
• MVT Architecture
• Model layer
• View layer
• Template Layer
• Forms
• Automated admin interface
• Django Security
INTRODUCTION TO DJANGO :

• Django is a high-level python web framework which was created for quick
web project development.
• It delivers transparent and high-quality code writing, making it important for
developers, and equally important for customers.
• It’s free and open source.
• Fast and Secure.
• Dynamic and database driven content based websites.
HISTORY :

• Named after famous Guitarist “Django Reinhardt”

• Developed by Adrian Holovaty and Jacob Kaplan-moss at
World Online News for efficient development
• Open sourced in 2005
• First Version released September 3, 2008
DJANGO AS AN MVC DESIGN
PATTERN :
MVT Architecture :
• Models - Describes your data structure/database schema
• Views - Controls what a user sees
• Templates – How a user sees it
• Controller – Controls request and responses
MVT Architecture :
 MVT Architecture :

• URLs: A URL mapper is used to redirect HTTP requests to the

appropriate view based on the request URL.
• View: A view is a request handler function, which receives HTTP requests
and returns HTTP responses.
• Models: Models are Python objects that define the structure of
an application's data, and provide mechanisms to manage (add, modify,
delete) and query records in the database.
• Templates: A template is a text file defining the structure or layout of a
file(such as an HTML page). A template can be used to define the
structure of any type of file; it doesn't have to be HTML!
WORKING OF DJANGO:
We can run the development web server from within this folder
using manage.py and the runserver command.
- python3 manage.py runserver
Once the server is running you can view the site by navigating to the following
URL on your local web browser: http://127.0.0.1:8000/
DJANGO MODEL LAYER :

• Model is the data access layer of Django.

• It gives a way to access it, validate it and describes the
relationships between the data.
• It maps a single database table to a python class.
• It handles the inconsistency of SQL across different database
platforms.
CREATE YOUR FIRST MODEL:

• Each model is a Python class that inherit Django model class

“django.db.models.Model”
• Each attribute of the model represents a database field.
• e.g.: from django.db import models class Person(models.Model):
- first_name = models.CharField(max_length=30)
- last_name = models.CharField(max_length=30)
DJANGO MODEL EXAMPLE:

• We created a model Student that contains the following code in models.py file.
//models.py
class Student(models.Model):
first_name = models.CharField(max_length=20)
last_name = models.CharField(max_length=30)
contact = models.IntegerField()
email = models.EmailField(max_length=50)
age = models.IntegerField()
DJANGO MODEL EXAMPLE:

It will create a table myapp_student. The table structure looks like the below.
 DJANGO VIEW LAYER:

• A view is a place where we put our business logic of the application. The view is a
python function which is used to perform some business logic and return a
response to the user.
• This response can be the HTML contents of a Web page, or a redirect, or a 404
error.
• All the view function are created inside the views.py file of the Django app.
DJANGO VIEW EXAMPLE:

//views.py
import datetime
# Create your views here.
from django.http import HttpResponse
def index(request):
now = datetime.datetime.now()
html = "<html><body><h3>Now time is %s.</h3></body></html>" % now
return HttpResponse(html) # rendering the template in HttpResponse
DJANGO VIEW EXAMPLE:
DJANGO TEMPLATES LAYER:

• Django provides a convenient way to generate dynamic

HTML pages by using its template system.
• A template consists of static parts of the desired HTML
output as well as some special syntax describing how
dynamic content will be inserted.
WHY DJANGO TEMPLATE?

• We know that HTML is a static markup language, while

Python is a dynamic programming language.

• Django template engine is used to separate the design from

the python code and allows us to build dynamic web pages.
FORMS

• Django provides a Form class which is used to create HTML forms.

• It manages form data and performs validation while submitting the form.
Example:
from django import forms
class StudentForm(forms.Form):
firstname = forms.CharField(label="Enter first name",max_length=50)
lastname = forms.CharField(label="Enter last name", max_length = 100)
When rendered, it produces the following HTML to the browser:

<label for="id_firstname">Enter first name:</label>

<input type="text" name="firstname" required maxlength="50"
id="id_firstname" />
<label for="id_lastname">Enter last name:</label>
<input type="text" name="lastname" required maxlength="100“
id="id_lastname" />
AUTOMATED ADMIN INTERFACE:
• One of the most powerful parts of Django is the automatic admin interface.
• This is a built-in module and designed to perform admin related tasks to the user.
• The admin app (django.contrib.admin) is enabled by default and already added into INSTALLED_APPS
section of the settings file.
DJANGO SECURITY:

• Cross site scripting (XSS) protection

• Cross site request forgery (CSRF) protection
• SQL injection protection
• Clickjacking protection
• SSL/HTTPS
CROSS SITE SCRIPTING (XSS)
PROTECTION:
• XSS is a term used to describe a class of attacks that allow an
attacker to inject client-side scripts through the website into
the browsers of other users.
• This is usually achieved by storing malicious scripts in the
database where they can be retrieved and displayed to other
users.
• Using Django templates protects you against the majority of
XSS attacks.
CROSS SITE REQUEST FORGERY
(CSRF) PROTECTION:

• CSRF attacks allow a malicious user to execute actions

using the credentials of another user without that user’s
knowledge or consent.
• The way the protection is enabled is that you include the
{% csrf_token %} template tag in your form definition.
SQL INJECTION PROTECTION:

• SQL injection enable malicious users to execute SQL

code on a database, allowing data to be accessed,
modified, or deleted irrespective of the user's
permissions.
• You can protect SQL injection using Django models.
CLICKJACKING PROTECTION:

• In this attack a malicious user hijacks clicks meant

for a visible top level site and routes them to a
hidden page.
• Django protects this attack by providing X-Frame-
optionsmiddleware.
SSL/HTTPS:

• SSL/HTTPS can be enabled on the web server in order to encrypt all

traffic between the site and browser.
• Including authentication credentials(enabling HTTPS is highly
recommended).
• If HTTPS is enabled then Django provides a number of other
protections you can use:
• SECURE_PROXY_SSL_HEADER
• SECURE_SSL_REDIRECT
 DJANGO WEB APPLICATION TOOLS:
There are various tools available in Django:
• Authentication
• Caching
• Logging
• Sending emails
• Pagination
• Message Framework
• Sessions
• Data validation
AUTHENTICATION:

• Django comes with a user authentication system.

• It handles user accounts, groups, permissions and cookie-based
user sessions.
• Authentication system handles both authentication and
authorization.
THE AUTH SYSTEM CONSISTS OF:

• Users authentication.
• Permissions to user: Binary (yes/no)
• Groups: A generic way of applying labels and permissions to more
than one user.
• A configurable password hashing system.
• Forms and view tools for logging in users, or restricting content.
CACHING:

• To cache something is to save the result of an expensive calculation so that

you don’t have to perform the calculation next time.
• Django comes with a robust cache system that lets you save dynamic pages so
they don’t have to be calculated for each request.
Example:
LOGGING:

• Django uses Python’s built-in logging module to perform system

logging.
A Python logging configuration consists of four parts:
• Loggers
• Handlers
• Filters
• Formatters
SENDING EMAILS:

• Using Django email package we can send mails easily.

• Package - from django.core.mail import send_mail
• Django has some Email methods that can be used to send mails.
THANK
YOU