Book Image

Mastering Django: Core

By : Nigel George
Book Image

Mastering Django: Core

By: Nigel George

Overview of this book

Mastering Django: Core is a completely revised and updated version of the original Django Book, written by Adrian Holovaty and Jacob Kaplan-Moss - the creators of Django. The main goal of this book is to make you a Django expert. By reading this book, you’ll learn the skills needed to develop powerful websites quickly, with code that is clean and easy to maintain. This book is also a programmer’s manual that provides complete coverage of the current Long Term Support (LTS) version of Django. For developers creating applications for commercial and business critical deployments, Mastering Django: Core provides a complete, up-to-date resource for Django 1.8LTS with a stable code-base, security fixes and support out to 2018.

Related Content you might be interested in

Current Title:

Small book image
Mastering Django: Core
Nigel George
Dec, 2016 | 694 pages
No titles found
Table of Contents (33 chapters)
Mastering Django: Core
Mastering Django: Core
Credits
Credits
About the Author
About the Author
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to Django and Getting Started
Introduction to Django and Getting Started
Introducing Django
What's next?
2
Views and URLconfs
Views and URLconfs
Your first Django-powered page: Hello World
Your second view: dynamic content
URLconfs and loose coupling
Your third view: dynamic URLs
Django's pretty error pages
What's next?
3
Templates
Templates
Template system basics
Using the template system
Dictionaries and contexts
Basic template-tags and filters
Philosophies and limitations
Using templates in views
Template loading
render()
Template subdirectories
The include template tag
Template inheritance
What's next?
4
Models
Models
The "dumb" way to do database queries in views
Configuring the database
Your first app
Defining Models in Python
Basic data access
What's next?
5
The Django Admin Site
The Django Admin Site
Using the admin site
Adding your models to the admin site
Making fields optional
Customizing field labels
Custom model admin classes
Users, groups, and permissions
When and why to use the admin interface-and when not to
What's next?
6
Forms
Forms
Getting data from the Request Object
A simple form-handling example
Improving our simple form-handling example
Simple validation
Making a contact form
Tying form objects into views
Changing how fields are rendered
Setting a maximum length
Setting initial values
Custom validation rules
Specifying labels
Customizing form design
What's next?
7
Advanced Views and URLconfs
Advanced Views and URLconfs
URLconf Tips and Tricks
Performance
Error handling
Including other URLconfs
Passing extra options to view functions
Reverse resolution of URLs
Naming URL patterns
URL namespaces
What's next?
8
Advanced Templates
Advanced Templates
Template language review
Requestcontext and context processors
Guidelines for writing our own context processors
Automatic HTML escaping
Inside Template loading
Extending the template system
Custom template tags and filters
Advanced custom template tags
What's next
9
Advanced Models
Advanced Models
Related objects
Managers
Model methods
Executing raw SQL queries
Performing raw queries
Executing custom SQL directly
What's next?
10
Generic Views
Generic Views
Generic views of objects
Making "friendly" template contexts
Adding extra context
Viewing subsets of objects
Dynamic filtering
Performing extra work
What's next?
11
User Authentication in Django
User Authentication in Django
Overview
Using the Django authentication system
User objects
Permissions and authorization
Authentication in web requests
Authentication views
Authenticating data in templates
Managing users in the admin
Password management in Django
Customizing authentication in Django
Custom permissions
Extending the existing user model
Substituting a custom user model
What's next?
12
Testing in Django
Testing in Django
Introduction to testing
Introducing automated testing
Basic testing strategies
Writing a test
Creating a test
Running tests
Testing tools
The test database
Using different testing frameworks
What's next?
13
Deploying Django
Deploying Django
Preparing your codebase for production
Critical settings
Environment-specific settings
HTTPS
Performance optimizations
Error reporting
Using a virtualenv
Using different settings for production
Deploying Django to a production server
Deploying Django with Apache and mod_wsgi
Serving static files in production
Scaling
Performance tuning
What's next?
14
Generating Non-HTML Content
Generating Non-HTML Content
The basics: views and MIME types
Producing CSV
Using the template system
Other text-based formats
Generating PDF
Install ReportLab
Write your view
Complex PDF's
Further resources
Other possibilities
The syndication feed framework
The high-level framework
The low-level framework
The Sitemap framework
What's next?
15
Django Sessions
Django Sessions
Enabling sessions
Configuring the session engine
Using Sessions in Views
Session object guidelines
Session serialization
Setting test cookies
Using sessions out of views
When sessions are saved
Browser-length sessions vs. persistent sessions
Clearing the session store
What's next
16
Djangos Cache Framework
Djangos Cache Framework
Setting up the cache
The per-site cache
The per-view cache
Template fragment caching
The low-level cache API
Downstream caches
Using vary headers
Controlling cache: using other headers
What's next?
17
Django Middleware
Django Middleware
Activating middleware
Hooks and application order
Writing your own middleware
Available middleware
Middleware ordering
What's next?
18
Internationalization
Internationalization
Definitions
Translation
Internationalization: in Python code
Internationalization: In template code
Internationalization: In Javascript code
Internationalization: In URL patterns
Localization: How to create language files
Explicitly setting the active language
Using translations outside views and templates
Implementation notes
What's next?
19
Security in Django
Security in Django
Django's built in security features
Additional security tips
20
More on Installing Django
More on Installing Django
Running other databases
Installing Django manually
Upgrading Django
Installing a Distribution-specific package
Installing the development version
What's next?
21
Advanced Database Management
Advanced Database Management
General notes
postgreSQL notes
MySQL notes
SQLite notes
Oracle notes
Using a 3rd-Party database backend
Integrating Django with a legacy database
What's next?
Model Definition Reference
Model Definition Reference
Fields
Universal field options
Field attribute reference
Relationships
Model metadata options
Database API Reference
Database API Reference
Creating objects
Saving changes to objects
Retrieving objects
Complex lookups with Q objects
Comparing objects
Deleting objects
Copying model instances
Updating multiple objects at once
Related objects
Falling back to raw SQL
Generic View Reference
Generic View Reference
Common arguments to generic views
Simple generic views
List/detail generic views
Date-Based Generic Views
Form handling with class-based views
Settings
Settings
What's a settings file?
Using settings in Python code
Altering settings at runtime
Security
Creating your own settings
DJANGO_SETTINGS_MODULE
Using settings without setting DJANGO_SETTINGS_MODULE
Available settings
Built-in Template Tags and Filters
Built-in Template Tags and Filters
Built-in tags
Built-in filters
Internationalization tags and filters
Other tags and filters libraries
Request and Response Objects
Request and Response Objects
HttpRequest objects
QueryDict objects
HttpResponse objects
JsonResponse Objects
StreamingHttpResponse objects
FileResponse objects
Error views
Customizing error views
Developing Django with Visual Studio
Developing Django with Visual Studio
Installing Visual Studio
Creating A Django project
Django development in Visual Studio

Critical settings

SECRET_KEY

The secret key must be a large random value and it must be kept secret.

Make sure that the key used in production isn't used anywhere else and avoid committing it to source control. This reduces the number of vectors from which an attacker may acquire the key. Instead of hardcoding the secret key in your settings module, consider loading it from an environment variable:

import os
SECRET_KEY = os.environ['SECRET_KEY']

or from a file:

with open('/etc/secret_key.txt') as f:
SECRET_KEY = f.read().strip()

DEBUG

You must never enable debug in production.

When we created a project in Chapter 1, Introduction to Django and Getting Started, the command django-admin startproject created a settings.py file with DEBUG set to True. Many internal parts of Django check this setting and change their behavior if DEBUG mode is on.

For example, if DEBUG is set to True, then:

  • All database queries will be saved in memory as the object django.db.connection.queries. As you can...

Previous Section
End of Section 3
Next Section