8.1 Python with Django (Official Track)
This section introduces Django as the official high-level Python web framework for secure, maintainable, and rapid development.
What Django provides
According to the official Django documentation, Django emphasizes:
- A batteries-included framework for web apps
- Reusable app architecture
- ORM-backed data modeling
- Secure defaults for common web threats
- An admin interface for data-backed applications
Core architecture (MTV pattern)
Django applications are structured around:
- Models: Python classes mapped to database tables via ORM
- Templates: Presentation layer for rendering output
- Views: Request handling and business logic
- URLconf: Declarative URL routing to views
Request lifecycle essentials
- URL matcher resolves incoming path to a view
- View executes logic and interacts with models/forms/services
- View returns HttpResponse (or raises errors)
- Middleware hooks run around request/response flow
Security features (officially documented)
Django includes built-in defenses for:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- SQL Injection (when using ORM safely)
- Clickjacking protections
- Secure password hashing and auth flows
Production-ready practices
- Keep DEBUG=False in production
- Set ALLOWED_HOSTS correctly
- Store secrets outside source code
- Use migration workflow for schema changes
- Keep dependencies updated through regular patching
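The first three practices can be enforced at startup so a misconfigured deployment refuses to boot. The following is an added example, not code from the Django project; the environment variable names (DJANGO_DEBUG, DJANGO_SECRET_KEY, DJANGO_ALLOWED_HOSTS) and the load_settings helper are assumptions chosen for illustration.

```python
# Added example: settings.py helper (stdlib only). Env var names are assumptions.
import os


class SettingsError(RuntimeError):
    """Raised when the environment does not describe a safe configuration."""


def load_settings(env=os.environ):
    """Build the security-relevant Django settings from environment variables."""
    # DEBUG is off unless explicitly enabled, so a missing variable fails safe.
    debug = env.get("DJANGO_DEBUG", "").strip().lower() in {"1", "true", "yes"}

    # The secret key is never hard-coded; startup fails if it is absent.
    secret_key = env.get("DJANGO_SECRET_KEY", "")
    if not secret_key:
        raise SettingsError("DJANGO_SECRET_KEY is not set")

    # Comma-separated host list, e.g. "example.com,www.example.com".
    raw_hosts = env.get("DJANGO_ALLOWED_HOSTS", "")
    hosts = [h.strip() for h in raw_hosts.split(",") if h.strip()]
    if not debug:
        if not hosts:
            raise SettingsError("ALLOWED_HOSTS must be set when DEBUG is False")
        if "*" in hosts:
            raise SettingsError("wildcard ALLOWED_HOSTS disables Host header validation")

    return {
        "DEBUG": debug,
        "SECRET_KEY": secret_key,
        "ALLOWED_HOSTS": hosts,
        # Session and CSRF cookies are sent over HTTPS only outside debug mode.
        "SESSION_COOKIE_SECURE": not debug,
        "CSRF_COOKIE_SECURE": not debug,
    }


# Constructed sample environment; in a real settings.py you would instead
# call globals().update(load_settings()) so Django sees the values.
SAMPLE_ENV = {
    "DJANGO_SECRET_KEY": "constructed-placeholder-not-a-real-key",
    "DJANGO_ALLOWED_HOSTS": "example.com, www.example.com",
}

if __name__ == "__main__":
    for name, value in load_settings(SAMPLE_ENV).items():
        print(f"{name} = {'<redacted>' if name == 'SECRET_KEY' else value}")
```

Django's own `python manage.py check --deploy` command reports further deployment settings worth reviewing before release.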
Official references
- Django docs home: https://docs.djangoproject.com/
- Tutorial: https://docs.djangoproject.com/en/stable/intro/tutorial01/
- Models: https://docs.djangoproject.com/en/stable/topics/db/models/
- Views and URLs: https://docs.djangoproject.com/en/stable/topics/http/
- Security: https://docs.djangoproject.com/en/stable/topics/security/