Book Image

Django Design Patterns and Best Practices

By : Arun Ravindran
Book Image

Django Design Patterns and Best Practices

By: Arun Ravindran

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Django Design Patterns and Best Practices
Arun Ravindran
Mar, 2015 | 222 pages
No titles found
Table of Contents (19 chapters)
Django Design Patterns and Best Practices
Django Design Patterns and Best Practices
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Django and Patterns
Django and Patterns
Why Django?
The story of Django
What is a Pattern?
Patterns in this book
Best practices
Summary
2
Application Design
Application Design
How to gather requirements
Are you a story teller?
HTML mockups
Designing the application
Before starting the project
SuperBook – your mission, should you choose to accept it
Summary
3
Models
Models
M is bigger than V and C
The model hunt
Structural patterns
Retrieval patterns
Migrations
Summary
4
Views and URLs
Views and URLs
A view from the top
Class-based generic views
View mixins
Decorators
View patterns
Designing URLs
Summary
5
Templates
Templates
Understanding Django's template language features
Organizing templates
Using Bootstrap
Template patterns
Summary
6
Admin Interface
Admin Interface
Using the admin interface
Enhancing models for the admin
Admin interface customizations
Protecting the admin
Summary
7
Forms
Forms
How forms work
Displaying forms
Understanding CSRF
Form processing with Class-based views
Form patterns
Summary
8
Dealing with Legacy Code
Dealing with Legacy Code
Finding the Django version
Where are the files? This is not PHP
Starting with urls.py
Jumping around the code
Understanding the code base
Incremental change or a full rewrite?
Write tests before making any changes
Legacy databases
Summary
9
Testing and Debugging
Testing and Debugging
Why write tests?
Test-driven development
Writing a test case
Mocking
Pattern – test fixtures and factories
Learning more about testing
Debugging
The print function
Logging
The Django Debug Toolbar
The Python debugger pdb
Other debuggers
Debugging Django templates
Summary
10
Security
Security
Cross-site scripting (XSS)
A handy security checklist
Summary
11
Production-ready
Production-ready
Production environment
Hosting
Deployment tools
Monitoring
Performance
Summary
Python 2 versus Python 3
Python 2 versus Python 3
But I still use Python 2.7!
Python 3
Further information
Index
Index

Understanding CSRF

So, you must have noticed something called a CSRF token in the form templates. What does it do? It is a security mechanism against Cross-Site Request Forgery (CSRF) attacks for your forms.

It works by injecting a server-generated random string called a CSRF token, unique to a user's session. Every time a form is submitted, it must have a hidden field that contains this token. This token ensures that the form was generated for the user by the original site, rather than a fake form created by an attacker with similar fields.

CSRF tokens are not recommended for forms using the GET method because the GET actions should not change the server state. Moreover, forms submitted via GET would expose the CSRF token in the URLs. Since URLs have a higher risk of being logged or shoulder-sniffed, it is better to use CSRF in forms using the POST method.

Previous Section
End of Section 4
Next Section