Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Django's Architecture: The Good, The Bad, and T...
Search
Andrew Godwin
October 22, 2011
Programming
21
15k
Django's Architecture: The Good, The Bad, and The Ugly
A talk I gave at FOSDEM 2011.
Andrew Godwin
October 22, 2011
Tweet
Share
More Decks by Andrew Godwin
See All by Andrew Godwin
Reconciling Everything
andrewgodwin
1
320
Django Through The Years
andrewgodwin
0
210
Writing Maintainable Software At Scale
andrewgodwin
0
450
A Newcomer's Guide To Airflow's Architecture
andrewgodwin
0
360
Async, Python, and the Future
andrewgodwin
2
680
How To Break Django: With Async
andrewgodwin
1
730
Taking Django's ORM Async
andrewgodwin
0
730
The Long Road To Asynchrony
andrewgodwin
0
660
The Scientist & The Engineer
andrewgodwin
1
770
Other Decks in Programming
See All in Programming
Design Foundational Data Engineering Observability
sucitw
2
130
testingを眺める
matumoto
1
130
Microsoft Orleans, Daprのアクターモデルを使い効率的に開発、デプロイを行うためのSekibanの試行錯誤 / Sekiban: Exploring Efficient Development and Deployment with Microsoft Orleans and Dapr Actor Models
tomohisa
0
230
Testing Trophyは叫ばない
toms74209200
0
260
Oracle Database Technology Night 92 Database Connection control FAN-AC
oracle4engineer
PRO
1
370
AIレビュアーをスケールさせるには / Scaling AI Reviewers
technuma
2
240
TROCCO×dbtで実現する人にもAIにもやさしいデータ基盤
nealle
0
400
ソフトウェアテスト徹底指南書の紹介
goyoki
1
130
ECS初心者の仲間 – TUIツール「e1s」の紹介
keidarcy
0
150
Ruby Parser progress report 2025
yui_knk
1
260
CJK and Unicode From a PHP Committer
youkidearitai
PRO
0
100
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
300
Featured
See All Featured
Designing for Performance
lara
610
69k
We Have a Design System, Now What?
morganepeng
53
7.8k
Gamification - CAS2011
davidbonilla
81
5.4k
Rails Girls Zürich Keynote
gr2m
95
14k
Java REST API Framework Comparison - PWX 2021
mraible
33
8.8k
Scaling GitHub
holman
463
140k
The Cost Of JavaScript in 2023
addyosmani
53
8.9k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
8
510
Building a Modern Day E-commerce SEO Strategy
aleyda
43
7.5k
Building a Scalable Design System with Sketch
lauravandoore
462
33k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.5k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
30
9.6k
Transcript
The Good, The Bad, & The Ugly Django's Architecture: Andrew
Godwin FOSDEM 2011
Django core committer Mercenary programmer Startup founder (ep.io)
Django: A Brief History
Initial Public Release in 2005
1.0 in 2008
1.3 in a few weeks
Basic Layout
contrib core db dispatch http forms middleware shortcuts templates views
contrib admin auth comments contenttypes flatpages gis humanize localflavor messages
sessions staticfiles syndication
core cache files handlers mail management serializers servers paginator urlresolvers
validators
db backends models
others views.decorators views.generic csrf test forms.widgets forms.fields forms.formsets forms.models
Almost every piece of code has been changed since 2005
""Good, Bad, Ugly?""
Lessons from both the past and the present
Some stuff here is historical (we fixed it, thankfully)
There's still nasty bits (we're working on those)
The Good
contrib.admin
admin.site.register( Book, list_display = [ "title", "slug", ], prepopulated_fields =
{ "slug": ( "title", "description", ) } )
The Model Layer (sometimes incorrectly called the ORM)
Sensible Abstractions (sessions, caching, mail, etc.)
GeoDjango (contrib.gis)
from django.contrib.gis.db import models class Lakes(models.Model): name = models.CharField(max_length=100) rate
= models.IntegerField() geom = models.MultiPolygonField() objects = models.GeoManager() >>> lake3 = Lakes.objects.get(id=3) >>> newlake.geom.contains(lake3.geom) True
None
Debugging Tools (./manage.py shell, testing tools, culture)
CSRF Protection (the new type)
Auto-escaping
View API simplicity
Python
MultiDB
Small actual core
Documentation (both the core docs and the culture)
The Community
Not being too high-level
The Bad
pre-1.2 CSRF Would you like token leakage with that?
<form action="/someview/" method="POST"> ... </form>
<form action="/someview/" method="POST"> ... <input name="csrftoken" ...></form>
<form action="http://evil.com" method="POST"> ... <input name="csrftoken" ...></form>
Schema changes Add a column? Oh, no, not sure we
can do that.
Template Implementation Hasn't changed that much.
The Ugly
""Magic"" It's hard to define, but you know it when
you see it.
Too many regular expressions They're great until they're 100+ chars
long
(^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)* # dot-atom |^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*" # quoted-string )@(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?$' # domain (^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)*
# dot-atom |^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*" # quoted-string )@(?:[A-Z0-9]+(?:-*[A-Z0-9]+)*\.)+[A-Z]{2,6}$ # domain
Customising Auth Can't really touch it.
{% endifnotequal %} Thankfully we fixed this in 1.2.
Are there lessons to be learnt?
Not everything needs fixing now A lot of these issues
have third-party solutions
How do you get better? Consistency, not always writing new
features, and people with too much free time.
Thanks. Andrew Godwin @andrewgodwin http://aeracode.org