Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Django's Architecture: The Good, The Bad, and T...
Search
Andrew Godwin
October 22, 2011
Programming
21
14k
Django's Architecture: The Good, The Bad, and The Ugly
A talk I gave at FOSDEM 2011.
Andrew Godwin
October 22, 2011
Tweet
Share
More Decks by Andrew Godwin
See All by Andrew Godwin
Reconciling Everything
andrewgodwin
1
310
Django Through The Years
andrewgodwin
0
200
Writing Maintainable Software At Scale
andrewgodwin
0
440
A Newcomer's Guide To Airflow's Architecture
andrewgodwin
0
350
Async, Python, and the Future
andrewgodwin
2
660
How To Break Django: With Async
andrewgodwin
1
720
Taking Django's ORM Async
andrewgodwin
0
720
The Long Road To Asynchrony
andrewgodwin
0
650
The Scientist & The Engineer
andrewgodwin
1
760
Other Decks in Programming
See All in Programming
AI時代のソフトウェア開発を考える(2025/07版) / Agentic Software Engineering Findy 2025-07 Edition
twada
PRO
7
310
dbt民主化とLLMによる開発ブースト ~ AI Readyな分析サイクルを目指して ~
yoshyum
2
250
High-Level Programming Languages in AI Era -Human Thought and Mind-
hayat01sh1da
PRO
0
690
Systèmes distribués, pour le meilleur et pour le pire - BreizhCamp 2025 - Conférence
slecache
0
120
ペアプロ × 生成AI 現場での実践と課題について / generative-ai-in-pair-programming
codmoninc
0
450
データの民主化を支える、透明性のあるデータ利活用への挑戦 2025-06-25 Database Engineering Meetup#7
y_ken
0
340
PHP 8.4の新機能「プロパティフック」から学ぶオブジェクト指向設計とリスコフの置換原則
kentaroutakeda
2
710
Code as Context 〜 1にコードで 2にリンタ 34がなくて 5にルール? 〜
yodakeisuke
0
120
初学者でも今すぐできる、Claude Codeの生産性を10倍上げるTips
s4yuba
5
4.3k
PHPでWebSocketサーバーを実装しよう2025
kubotak
0
250
GitHub Copilot and GitHub Codespaces Hands-on
ymd65536
1
140
Blazing Fast UI Development with Compose Hot Reload (droidcon New York 2025)
zsmb
1
280
Featured
See All Featured
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
17
950
Site-Speed That Sticks
csswizardry
10
670
The Illustrated Children's Guide to Kubernetes
chrisshort
48
50k
Bash Introduction
62gerente
614
210k
Agile that works and the tools we love
rasmusluckow
329
21k
Building a Scalable Design System with Sketch
lauravandoore
462
33k
BBQ
matthewcrist
89
9.7k
The Art of Programming - Codeland 2020
erikaheidi
54
13k
Rails Girls Zürich Keynote
gr2m
94
14k
The Pragmatic Product Professional
lauravandoore
35
6.7k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.9k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
657
60k
Transcript
The Good, The Bad, & The Ugly Django's Architecture: Andrew
Godwin FOSDEM 2011
Django core committer Mercenary programmer Startup founder (ep.io)
Django: A Brief History
Initial Public Release in 2005
1.0 in 2008
1.3 in a few weeks
Basic Layout
contrib core db dispatch http forms middleware shortcuts templates views
contrib admin auth comments contenttypes flatpages gis humanize localflavor messages
sessions staticfiles syndication
core cache files handlers mail management serializers servers paginator urlresolvers
validators
db backends models
others views.decorators views.generic csrf test forms.widgets forms.fields forms.formsets forms.models
Almost every piece of code has been changed since 2005
""Good, Bad, Ugly?""
Lessons from both the past and the present
Some stuff here is historical (we fixed it, thankfully)
There's still nasty bits (we're working on those)
The Good
contrib.admin
admin.site.register( Book, list_display = [ "title", "slug", ], prepopulated_fields =
{ "slug": ( "title", "description", ) } )
The Model Layer (sometimes incorrectly called the ORM)
Sensible Abstractions (sessions, caching, mail, etc.)
GeoDjango (contrib.gis)
from django.contrib.gis.db import models class Lakes(models.Model): name = models.CharField(max_length=100) rate
= models.IntegerField() geom = models.MultiPolygonField() objects = models.GeoManager() >>> lake3 = Lakes.objects.get(id=3) >>> newlake.geom.contains(lake3.geom) True
None
Debugging Tools (./manage.py shell, testing tools, culture)
CSRF Protection (the new type)
Auto-escaping
View API simplicity
Python
MultiDB
Small actual core
Documentation (both the core docs and the culture)
The Community
Not being too high-level
The Bad
pre-1.2 CSRF Would you like token leakage with that?
<form action="/someview/" method="POST"> ... </form>
<form action="/someview/" method="POST"> ... <input name="csrftoken" ...></form>
<form action="http://evil.com" method="POST"> ... <input name="csrftoken" ...></form>
Schema changes Add a column? Oh, no, not sure we
can do that.
Template Implementation Hasn't changed that much.
The Ugly
""Magic"" It's hard to define, but you know it when
you see it.
Too many regular expressions They're great until they're 100+ chars
long
(^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)* # dot-atom |^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*" # quoted-string )@(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?$' # domain (^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)*
# dot-atom |^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*" # quoted-string )@(?:[A-Z0-9]+(?:-*[A-Z0-9]+)*\.)+[A-Z]{2,6}$ # domain
Customising Auth Can't really touch it.
{% endifnotequal %} Thankfully we fixed this in 1.2.
Are there lessons to be learnt?
Not everything needs fixing now A lot of these issues
have third-party solutions
How do you get better? Consistency, not always writing new
features, and people with too much free time.
Thanks. Andrew Godwin @andrewgodwin http://aeracode.org