[Chicago] Web Frameworks?

Massimo Di Pierro mdipierro at cti.depaul.edu
Fri Aug 17 19:57:10 CEST 2007


Hi Adrian,

so far I have been using Django and I have thought Django. I find it  
the most stable and easy to install framework.

I understand your argument about urls, I just think it should be  
optional otherwise it makes a steeper learning curve.

About debugging, perhaps I did not express myself properly. I think  
all errors should be logged. Errors should never be displayed to the  
user unless the user identifies himself as the administrator. The  
administrator could be identified by a password (and I see why you  
object to it) and/or by a connection from localhost or a given  
network domain. I just don't want people to be publish an application  
and forget the debug=False flag. And I do not want that when they  
turn off debug the administrator has no way to check whether a user  
has an error. I am just asking for a built-in ticketing number. This  
should be easy for Django since Django already has an excellent  
administrative interface.

The only two things I do not like about Django are the urls and the  
template language. This is not because they are not functional but  
because, in my class, I have to teach Python and the template  
languages does not feel like Python, so I have to teach that too.

Massimo

On Aug 17, 2007, at 11:48 AM, Adrian Holovaty wrote:

> Hi Massimo,
>
> I try not to get sucked into these sorts of subjective discussions
> anymore, but...what the heck.
>
> On 8/17/07, Massimo Di Pierro <mdipierro at cti.depaul.edu> wrote:
>> I do not like Django urls.py because they go in the direction of  
>> duplicating
>> information instead of forcing users to follow good practice. For  
>> example,
>> if I change name to a controller I also need to edit urls.py and  
>> vice versa;
>> moreover I can have a form action with a different name than the  
>> name of the
>> corresponding controller. This is very confusing to students.  
>> CherryPy and
>> RoR instead enforce good practice. The ability to match arbitrary  
>> URLs
>> should be optional and specified at the level of the controller  
>> (perhaps
>> with a decorator).
>
> Decoupling URLs from the code that executes them is a good thing. This
> is a deliberate design decision. See the section "URLconfs and loose
> coupling" at http://www.djangobook.com/en/beta/chapter03/ for some
> reasoning.
>
>> there should not be a debug ON/OFF setting. There should be a  
>> standard error
>> page that allows login as administrator. If administrator is  
>> logged in he/she can see the
>> debug information.
>
> Whoa there! Not only is this a security problem, it's a usability
> problem. Site users should never be presented a link to "login as
> administrator." Could you imagine how ludicrous and unprofessional it
> would be if a Google or Yahoo error page, or perhaps your bank's Web
> site, displayed a "login as administrator" link?
>
> Adrian
> _______________________________________________
> Chicago mailing list
> Chicago at python.org
> http://mail.python.org/mailman/listinfo/chicago



More information about the Chicago mailing list