Django was invented to meet fast-moving newsroom deadlines while satisfying the tough requirements of experienced web developers.
Django is a high-level Python web framework that encourages rapid development and clean, pragmatic design. Built by experienced developers, it takes care of much of the hassle of web development, so you can focus on writing your app without needing to reinvent the wheel. It’s free and open source.
Here are some specific types of projects that are likely to be developed with Django:
Content management systems,
Financial platforms that allow analyzing and calculating approximate results based on personal data, risk tolerance, the probability of achieving goals,
Social bookmarking sites and networks that facilitate communication,
Booking engines or shopping sites,
Custom CRM systems for internal data,
Backend for mobile applications.
One of the reasons I like Django so much is that it is really "pythonic" and makes great use of the language features, such as metaclasses used for implementing the Django ORM, the database access layer.
(If you have Python installed, you can start an interpreter and type import this to see the Zen of Python in your console.)
Since the very beginning of the project, Django documentation has always been complete and very user-friendly, also for newcomers to web development, thanks to its many examples and tutorials.
Compared to other open-source frameworks, we have needed to look into the Django source code only a few times in our everyday use, as the documentation covers all the Django APIs in a very detailed way, from the most basic use cases to the most advanced ones.
As explained in the docs, Django documentation offers different levels of reading:
Topic guides discuss key topics and concepts at a fairly high level and provide useful background information and explanation.
Reference guides contain technical references for APIs and other aspects of Django’s machinery. They describe how it works and how to use it but assume that you have a basic understanding of key concepts.
How-to guides are recipes. They guide you through the steps involved in addressing key problems and use-cases. They are more advanced than tutorials and assume some knowledge of how Django works.
In a Django project, the separation of concerns is encouraged by letting you split the various features of your web application into "reusable apps", which are just Python packages. This helps a lot with code organization and allows code to be reused. These apps can live just in your project code, or be distributed like any other Python package and installed in the project as external dependencies.
This approach has led to the proliferation of many specialized reusable apps, from very low-level features to ready-to-use interfaces.
These are some of the notable third-party apps we often use at Hashtrust:
Django rest framework is one of the most used libraries to build REST APIs with Django. It's the base of our API development (REST-like and not) and it's another great example of great API design. We learned a lot about web services implementation from this library, and using the rest framework might be a good reason to use Django.
Django channels: "channels augment Django to bring WebSocket, long-poll HTTP, task offloading, and other async support to your code, using familiar Django design patterns and a flexible underlying framework that lets you not only customize behaviors but also write support for your own protocols and needs."
Django reversion: an extension to the Django web framework that provides version control for model instances.
Django crispy forms: DRY Django forms
Django storages: A single library to support multiple custom storage backends for Django
Django rq: Integration for Redis Queue
Django imagekit: automated image processing for Django (for automatic thumbnails and image processing)
Django autocomplete light: a fresh approach to autocomplete implementations
The Django framework contains different python packages, effectively many different frameworks for addressing the various tasks of web development in a modular way.
Among many others, we have for example:
the ORM for database access and abstraction
the caching framework
the template engine
the sessions and messages frameworks
the forms framework
the gis framework
Such modularity helps developers build different kinds of web applications, with rich APIs for dealing with all the common use cases.
One of the biggest challenges in web development is scalability. Your application must handle exactly the number of active connections that are required at any given time. If the connections exceed your estimate, your users will experience lags and downtime. Estimate too conservatively and you’ll pay for bandwidth and web servers you’re not using. You need an application that can grow as you gain more users.
Django web framework makes scaling easy. Because a Django app can manage your user sessions, you can add more instances of your application and transfer the user’s experience across the instances without losing data.
Instagram and Disqus are among the very large sites that use Django to support their huge user bases.
By default, Django prevents the most common security mistakes:
XSS (cross-site scripting) protection — Django template system by default escapes variables unless they are explicitly marked as safe.
CSRF (cross-site request forgery) protection — easy to turn on globally, guarantees that forms (POST requests) are sent from your own site.
SQL injection protection — Django builds queries through its built-in ORM, thus ORM queries carry no risk of SQL injection (raw queries are possible, but by no means something that a beginner would need to use).
Additional security features:
Clickjacking protection — Django can detect when the content is requested from an unauthorized iframe
Safe password hash — Django by default uses PBKDF2; another option is bcrypt. Both are resilient to rainbow tables (thanks to the salt), and both take significant compute time, which prevents easy brute force.
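The salted, iterated hashing described above, as an added example that is not Django's own code: it uses only the Python standard library to produce and verify strings in the algorithm$iterations$salt$hash layout that Django's PBKDF2 hasher stores. The function names, the salt generator and the iteration count are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: illustrative work factor, not the default of any Django release.
ITERATIONS = 200_000


def make_hash(password: str, salt: Optional[str] = None,
              iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<base64 digest>'."""
    if salt is None:
        # A fresh random salt per password: identical passwords get different
        # hashes, so a precomputed (rainbow) table is useless.
        salt = secrets.token_urlsafe(16)
    if "$" in salt:
        raise ValueError("salt must not contain the '$' separator")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("utf-8"), iterations
    )
    encoded_digest = base64.b64encode(digest).decode("ascii")
    return f"pbkdf2_sha256${iterations}${salt}${encoded_digest}"


def check_hash(password: str, encoded: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare."""
    try:
        algorithm, iterations, salt, _ = encoded.split("$", 3)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: never treat it as a match
    if algorithm != "pbkdf2_sha256" or rounds < 1:
        return False
    candidate = make_hash(password, salt, rounds)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(candidate.encode(), encoded.encode())


def needs_rehash(encoded: str, target: int = ITERATIONS) -> bool:
    """True when a stored hash used a lower work factor than the current one."""
    return int(encoded.split("$")[1]) < target
```

Because the iteration count travels with each stored hash, the work factor can be raised later and old records upgraded the next time the user logs in.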
It's also important to note that Django is implemented in Python, which has an excellent security track record. Thus the underlying language is not a security risk.
More on Django security: https://docs.djangoproject.com/en/stable/topics/security/
The ORM is one of the most powerful parts of Django and can be described as a layer between the database(s) and your application, with an elegant and powerful API for defining, accessing, and maintaining your data from Python code.
These are some of the key features of the ORM:
it's backend agnostic: with core support for SQLite, PostgreSQL, MySQL, MariaDB, Oracle, etc. As long as you're not writing specialized SQL directly, your code should work with any of the supported databases.
it provides a declarative data model: the schema for data models is defined in python classes rather than by CREATE TABLE... SQL statements. As it's python code, this model is also available for introspection in your application (for example, you can cycle all the fields of a data model or know the data type of a certain field)
you will normally write no SQL to access and modify your data, with the ability to perform complex queries, data aggregation, and full transaction control (you still can write SQL, if you really need it).
At Hashtrust we normally use PostgreSQL as the database backend, for its reliability, extensions, great support, and availability of commercial support and providers. Django has extended support for the PostgreSQL backend, with its django.contrib.postgres package, which contains model fields and form fields for a number of PostgreSQL-specific data types.
During our project development at Hashtrust, we met two great use cases for Django + Postgres:
geographical information systems based on django.contrib.gis and the django.contrib.gis.db.backends.postgis backend, that will give you access to PostGIS, a powerful Postgres extension for dealing with geographic data, from the Django ORM.
data models with JSON fields: Postgres, from versions 9.2 and 9.4, comes with a specific "JSON" field that allows storage of JSON data structures in a table column, with the ability to search and index specific JSON paths. This can be very useful if you have to deal with partially structured data. This approach can be used in many cases where a natural solution would be using a NoSQL backend.
One of the most powerful parts of Django is the automatic admin interface. Django comes with the django.contrib.admin package, a reusable app that enables a web-based administration interface for your data models with just a few lines of code.
The Django admin is very interesting for many reasons:
you can try it at zero cost: it's enabled by default in Django projects and you need 4 lines of code to get a full CRUD interface for a data model.
it leverages and shows all the power of the Django ORM
it's a beautiful example of a configurable web application, with a simple API and a clean user interface.
it's an interesting administration tool, in particular, if in your web application you only use the ORM to access your models, as all the resources are available with the same level of abstraction.
The admin’s recommended use is limited to an organization’s internal management tool. It’s not intended for building your entire front end around, but in our experience, it may be a good option, if you need a simple administration interface for some advanced users and you don't have a very complex data model.
During development, the admin interface may also be used for debugging and to put some data in your database.
Django is governed by the DSF, or Django Software Foundation. Every event involving Django has to have a code of conduct. The DSF also recently released a diversity statement making an official stance on the kind of community they want to build.
Moreover, if you run into any issues during the web development process, you can post your questions in the community and get the help you need from experts to complete your project successfully.
If you’re into statistics, here’s Stack Overflow’s yearly survey showing Django amongst the top used & loved frameworks:
Django web framework is the most popular Python-based framework, according to the 2020 JetBrains Developer’s Survey which surveyed more than 19,000 web developers.
There are thousands of websites across the globe with Django at their core.
Many companies have leveraged Django to create incredible applications and websites. Below are some popular applications built with this framework:
YouTube: Initially developed in PHP, it later turned to Django and saw improved performance and scalability, and was able to add new features efficiently.
Spotify: The world’s most famous streaming service noticed an increase in its speed by using Django.
Instagram: This social media platform boasts one of the largest deployments in the world. The Instagram developers were fascinated with the simplicity of Python and found coding easier with Django.
Bitbucket: Right from when Bitbucket started in May 2008, it has always been a Django shop. Bitbucket officially launched one month later, proving how fast you can move using this framework.
The Washington Post: This company loves Django for its capacity to deal with high-volume web traffic.
Dropbox: This web app uses Django for providing services regarding data sharing.
Django is an awesome Python-based web framework: mature, stable, and packed with features that allow you to build a wide range of web applications, from REST APIs and web services to server-side rendered websites.
At Hashtrust, we'll continue to invest in Django and use it in our stack, as it helps us build maintainable and extensible web apps and services for our clients.
If you’re starting a software project from scratch, I’d personally recommend Django.
For any questions regarding Python web frameworks, Django best practices, or anything else, please don’t hesitate to contact us!
At Hashtrust, we are great fans of the Django framework and have built many custom solutions with its help.