Book Image

Learn Web Development with Python

By : Fabrizio Romano, Gaston C. Hillar, Arun Ravindran
Book Image

Learn Web Development with Python

By: Fabrizio Romano, Gaston C. Hillar, Arun Ravindran

Overview of this book

If you want to develop complete Python web apps with Django, this Learning Path is for you. It will walk you through Python programming techniques and guide you in implementing them when creating 4 professional Django projects, teaching you how to solve common problems and develop RESTful web services with Django and Python. You will learn how to build a blog application, a social image bookmarking website, an online shop, and an e-learning platform. Learn Web Development with Python will get you started with Python programming techniques, show you how to enhance your applications with AJAX, create RESTful APIs, and set up a production environment for your Django projects. Last but not least, you’ll learn the best practices for creating real-world applications. By the end of this Learning Path, you will have a full understanding of how Django works and how to use it to build web applications from scratch. This Learning Path includes content from the following Packt products: • Learn Python Programming by Fabrizio Romano • Django RESTful Web Services by Gastón C. Hillar • Django Design Patterns and Best Practices by Arun Ravindran

Related Content you might be interested in

Current Title:

Small book image
Learn Web Development with Python
Fabrizio Romano | Gaston C. Hillar | Arun Ravindran
Dec, 2018 | 13 hours 16 minutes
No titles found
Table of Contents (33 chapters)
Title Page
Title Page
About Packt
About Packt
Contributors
Contributors
Preface
Preface
Free Chapter
1
A Gentle Introduction to Python
A Gentle Introduction to Python
A proper introduction
Enter the Python
About Python
What are the drawbacks?
Who is using Python today?
Setting up the environment
Installing Python
How you can run a Python program
How is Python code organized?
Python's execution model
Guidelines on how to write good code
The Python culture
A note on IDEs
Summary
2
Built-in Data Types
Built-in Data Types
Everything is an object
Mutable or immutable? That is the question
Numbers
Immutable sequences
Mutable sequences
Set types
Mapping types – dictionaries
The collections module
Enums
Final considerations
Summary
3
Iterating and Making Decisions
Iterating and Making Decisions
Conditional programming
Looping
Putting all this together
A quick peek at the itertools module
Summary
4
Functions, the Building Blocks of Code
Functions, the Building Blocks of Code
Why use functions?
Scopes and name resolution
Input parameters
Return values
A few useful tips
Recursive functions
Anonymous functions
Function attributes
Built-in functions
One final example
Documenting your code
Importing objects
Summary
5
Saving Time and Memory
Saving Time and Memory
The map, zip, and filter functions
Comprehensions
Generators
Some performance considerations
Don't overdo comprehensions and generators
Name localization
Generation behavior in built-ins
One last example
Summary
6
OOP, Decorators, and Iterators
OOP, Decorators, and Iterators
Decorators
Object-oriented programming (OOP)
Writing a custom iterator
Summary
7
Files and Data Persistence
Files and Data Persistence
Working with files and directories
Data interchange formats
IO, streams, and requests
Persisting data on disk
Summary
8
Testing, Profiling, and Dealing with Exceptions
Testing, Profiling, and Dealing with Exceptions
Testing your application
Test-driven development
Exceptions
Profiling Python
Summary
9
Concurrent Execution
Concurrent Execution
Concurrency versus parallelism
Threads and processes – an overview
Concurrent execution in Python
Case examples
Summary
10
Debugging and Troubleshooting
Debugging and Troubleshooting
Debugging techniques
Troubleshooting guidelines
Summary
11
Installing the Required Software and Tools
Installing the Required Software and Tools
Creating a virtual environment with Python 3.x and PEP 405
Installing Django and Django REST frameworks in an isolated environment
Creating an app with Django
Installing tools
Test your knowledge
Summary
12
Working with Models, Migrations, Serialization, and Deserialization
Working with Models, Migrations, Serialization, and Deserialization
Defining the requirements for our first RESTful Web Service
Creating our first model
Running our initial migration
Analyzing the database
Controlling, serialization, and deserialization
Working with the Django shell and diving deeply into serialization and deserialization
Test your knowledge
Summary
13
Creating API Views
Creating API Views
Creating Django views combined with serializer classes
Understanding CRUD operations with Django views and the request methods
Routing URLs to Django views and functions
Launching Django's development server
Making HTTP POST requests with Postman
Test your knowledge
Summary
14
Using Generalized Behavior from the APIView Class
Using Generalized Behavior from the APIView Class
Taking advantage of model serializers
Understanding accepted and returned content types
Making unsupported HTTP OPTIONS requests with command-line tools
Understanding decorators that work as wrappers
Using decorators to enable different parsers and renderers
Taking advantage of content negotiation classes
Making supported HTTP OPTIONS requests with command-line tools
Working with different content types
Sending HTTP requests with unsupported HTTP verbs
Test your knowledge
Summary
15
Understanding and Customizing the Browsable API Feature
Understanding and Customizing the Browsable API Feature
Understanding the possibility of rendering text/HTML content
Using a web browser to work with our web service
Making HTTP GET requests with the browsable API
Making HTTP POST requests with the browsable API
Making HTTP PUT requests with the browsable API
Making HTTP OPTIONS requests with the browsable API
Making HTTP DELETE requests with the browsable API
Test your knowledge
Summary
16
Using Constraints, Filtering, Searching, Ordering, and Pagination
Using Constraints, Filtering, Searching, Ordering, and Pagination
Browsing the API with resources and relationships
Defining unique constraints
Working with unique constraints
Understanding pagination
Configuring pagination classes
Making requests that paginate results
Working with customized pagination classes
Making requests that use customized paginated results
Configuring filter backend classes
Adding filtering, searching, and ordering
Working with different types of Django filters
Making requests that filter results
Composing requests that filter and order results
Making requests that perform starts with searches
Using the browsable API to test pagination, filtering, searching, and ordering
Test your knowledge
Summary
17
Securing the API with Authentication and Permissions
Securing the API with Authentication and Permissions
Understanding authentication and permissions in Django, the Django REST framework, and RESTful Web Services
Learning about the authentication classes
Including security and permissions-related data to models
Working with object-level permissions via customized permission classes
Saving information about users that make requests
Setting permission policies
Creating the superuser for Django
Creating a user for Django
Making authenticated requests
Making authenticated HTTP PATCH requests with Postman
Browsing the secured API with the required authentication
Working with token-based authentication
Generating and using tokens
Test your knowledge
Summary
18
Applying Throttling Rules and Versioning Management
Applying Throttling Rules and Versioning Management
Understanding the importance of throttling rules
Learning the purpose of the different throttling classes in the Django REST framework
Configuring throttling policies in the Django REST framework
Running tests to check that throttling policies work as expected
Understanding versioning classes
Configuring a versioning scheme
Running tests to check that versioning works as expected
Test your knowledge
Summary
19
Automating Tests
Automating Tests
Getting ready for unit testing with pytest
Writing unit tests for a RESTful Web Service
Discovering and running unit tests with pytest
Writing new unit tests to improve the tests' code coverage
Running unit tests again with pytest
Test your knowledge
Summary
20
Solutions
Solutions
Chapter 11: Installing the Required Software and Tools
Chapter 12: Working with Models, Migrations, Serialization, and Deserialization
Chapter 13: Creating API Views
Chapter 14: Using Generalized Behavior from the APIView Class
Chapter 15: Understanding and Customizing the Browsable API Feature
Chapter 16: Using Constraints, Filtering, Searching, Ordering, and Pagination
Chapter 17: Securing the API with Authentication and Permissions
Chapter 18: Applying Throttling Rules and Versioning Management
Chapter 19: Automating Tests
21
Templates
Templates
Understanding Django's template language features
Jinja2
Organizing templates
How templates work
Using Bootstrap
Template patterns
Summary
22
Admin Interface
Admin Interface
Using the admin interface
Enhancing models for the admin
Admin interface customizations
Protecting the admin
Summary
23
Forms
Forms
How forms work
Displaying forms
Understanding CSRF
Form processing with class-based views
Form patterns
Summary
24
Security
Security
Cross-site scripting
Cross-site request forgery
SQL injection
Clickjacking
Shell injection
A handy security checklist
Summary
25
Working Asynchronously
Working Asynchronously
Why asynchronous?
Asynchronous patterns
Asynchronous solutions for Django
Summary
26
Creating APIs
Creating APIs
RESTful API
Django Rest framework
API patterns
Summary
27
Production-Ready
Production-Ready
The production environment
Virtual machines or Docker
Hosting
Deployment tools
Monitoring
Improving Performance
Summary
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Shell injection

As the name suggests, shell injection or command injection allows an attacker to inject malicious code into a system shell such as bash. Even web applications use command-line programs for convenience and their functionality. Such processes are typically run within a shell.

For example, if you want to show all the details of a file whose name is given by the user, a naïve implementation would be as follows:

os.system("ls -l {}".format(filename))

An attacker can enter the filename as manage.py; rm -rf * and delete all the files in your directory. In general, it is not advisable to use os.system. The subprocess module is a safer alternative (or even better, you can use os.stat() to get the file's attributes).

Since a shell will interpret the command-line arguments and environment variables, setting malicious values in them can allow the attacker to execute arbitrary system commands.

How Django helps

Django primarily depends on WSGI for deployment. Since WSGI, unlike CGI, does not...

Previous Section
End of Section 6
Next Section