Currently, I'm drawing up plans to build my own website backend written in Python, and I'm in the process of considering several different frameworks and libraries to utilize (I'm aware that I could just use something like django, but I'm clamoring for a project). There are two major challenges I've identified in my quest to make this happen, and I wanted to see what some other (more experienced) developers might have to say on the matter
The first challenge is picking a database abstraction layer. I have limited experience with the SQL programming language (I grasp database concepts, just haven't learned the statement language all the way through) and also like the idea of writing one piece of code that can write to or query from any database type supported by the library.
From what I've looked up so far, going with an ORM seems like the perfect solution. I'm heavily considering SQLAlchemy (although it may be quite a bit more feature rich than I need), the Django ORM, and pewee. I want, above all, the ORM which will have either high performance in terms of write/query speed or low memory footprint.
Which ORM would you recommend, and for what reason?
The second major challenge I'm facing is writing the authentication framework. I found an introduction to session management in Python (http://webpython.codepoint.net/cgi_session), but it isn't a particularly great one... if anyone else knows of any good resources that might be able to help me out with this one, I would be very grateful!
Thanks in advance for any tips or thoughts!
Last edited by OakRaider4Life (2012-10-24 07:46:13)
Use Django, or at least flask with all sorts of extensions. Even on top of such a framework making a good website is enough work for starters.
Do not try and build everything on your own. Even if you use libraries which are in and by themselves powerful (like SQLAlchemy) wiring these together in a nice, readable and maintainable way is an awful lot of boring work and allows for failures at critical places like authentication or authorization, the more since you obviously lack a lot of knowledge and experience. Checking whether a user is authorized or expiring authentication after a given period of time is trivial, and simply involves checking attributes of the user's authentication or authorization information in each view that accesses a protected resource.
You shouldn't need to ask these questions if you want to build a web application all on your own, and not even differentiating between authentication and authorization, or rather considering only the former, while not even mentioning the latter, is the first indication of an upcoming big failure.
No offense meant Frameworks like Django exist for a reason: It is hard and cumbersome to get web programming right, since HTTP is a complex protocol and there are a lot of side effects and side channels to consider, some of which you don't even know of at the time of writing.
I appreciate that you want to try, but ask yourself whether you really want to practice with a website that is publicly accessible.
Last edited by lunar (2012-10-24 07:37:54)
I may need to concede and incorporate a pre-written authentication module, but other than that, I'm quite prepared to write my own backend given the sheer simplicity of the website I'm putting together. From there, it's just a matter of setting up functions to store and recall site content from a database, and with an abstraction layer, that would be well within my reach.
How difficult is it to use only parts of the django framework, such as the authentication module or the ORM module?
I've just started using SQLAlchemy with Sqlite as the database. I think that's the best solution for experimentation and prototyping and you can move to something else for "production". I haven't used Django, but I have friends who have and they mostly like it.
Ignore everything in that url. Don't read 6 year out of date guides that uses the cgi module and python 2.4
Ayway, writing a web framework is really hard to get right, and you are better off using something existing. I would suggest pyramid or flask. But if you really want to reinvent the wheel, read the wsgi docs.
CherryPy is a nice KISS python web framework
In Zen they say: If something is boring after two minutes, try it for four. If still boring, try it for eight, sixteen, thirty-two, and so on. Eventually one discovers that it's not boring at all but very interesting.
~ John Cage
+1 for CherryPy. I've only used it a bit so maybe I'm talking too soon, but I like its simplicity. django left a feeling in me that it was trying to do too much, and possibly do so in a sub-optimal way. Also AFAIK it does not yet support Python 3. Boo. I cringe at the thought of using Python 2 for new projects.
I'm also a non-fan of ORMs and DB abstraction layers. They may be OK for simple things but if you ever want to run complex queries, you're far better off writing SQL by hand. ORMs can produce some bad code.
@yodermk Become a fan then. You are much more likely to create much worse queries than SQLAlchemy than to actually create significantly better ones. SQLAlchemy has accumulated lots of thought, knowledge, experience and design in its ORM layer.
Even if you dislike ORMs – a valid point – use the database abstraction SQLAlchemy offers, if only for connection pooling and SQL abstraction. The former is hard to get right, the latter results in cleaner and more readable code, because queries can be written and manipulated in terms of Python expressions instead of mucking around with strings.
As others here have, I'd very much advise choosing an existing lightweight framework and building on top of it. If you want a specific recommendation, I've found Pyramid to be pretty awesome in past projects. Plus, it's focused on providing a fairly small set of core functionality, which is probably what you want seeing as your post implies you're looking to build things up from a fairly low level.
I'd also like to throw my support in for SQLAlchemy; it is very nice, especially in that it not only has multiple levels of operation (ORM & sql abstraction) but that both will play well together in the same project.
+INFINITE for taking an exisiting framework. You say that your goal is to build your web site. It is a too tedious task to start from scratch: implementing HTTP protocol properly (it is trickier than it seems), handling charsets properly on documents and filenames, handling forms, handling file uploads, handling templates, handling cookies, handling sessions, handling security, ... you'll take at least many weeks to be production ready even if you are a very experienced web developer, and in the end you are just building a web site. To me it feels a bit like wanting to create your own operating system just for writing a python program. Oooops... I hope I didn't give you another crazy idea
If your still playing around with this web backend you might give bottle.py a look. It's a web framework in a single python file, designed for small applications, but might also be a good tool to learn from.