I am developing a web application using Flask, Werkzeug and Jinja2. I am very much confused by these terms and want to know what they mean and how they are related to the CGI environment variables. What is the global variable g, and how is it related to the application context and request context?
Also, since I don't have much knowledge of developing web apps (I am doing it for the first time) in any other language either, I have another request: could someone give a reference or help me understand how requests are handled? I mean, what happens when a request arrives at the web application?
Also, if I am not using any OpenID providers for logging the user into my website, how can I make the password secure? Should I use a framework for that?
The application context is a good place to store common data during a request or CLI command. Flask provides the g object for this purpose. It is a simple namespace object that has the same lifetime as an application context.
The RequestContext class contains information about the HTTP request in the HttpContext property. It contains information about the route that matched the current request in the RouteData property. When you construct a URL from a route, you pass an instance of the RequestContext class to the RouteCollection.
In the client-server architecture, the request object contains all the data that is sent from the client to the server. As we have already discussed in the tutorial, we can retrieve the data at the server side using the HTTP methods.
Application Context: It is the application and we are present in Application. For example: MyApplication (which extends the Application class). It is an instance of MyApplication only. Activity Context: It is the activity and we are present in Activity. For example: MainActivity.
For the request context, it is better to look at this question: What is the purpose of Flask's context stacks? It is worth spending a little time to understand it, because it is a basic principle of the framework.
Many approaches to storing user data will be secure; the easiest is to store the user in a database with the password as modern_crypto_hash(password + salt), with a limit on accepting short passwords, and to use something for login such as Flask-Login or Flask-Principal. To avoid SQL injection you can use any ORM, for example SQLAlchemy. To avoid XSS, send data-changing requests by POST and add a CSRF token; WTForms is good there. To avoid HTML tag injection, use the built-in template system, which already does this by default, and do not insert user content into the page unsafely. HTTPS can also be useful.