
I am developing a web application using Flask, Werkzeug and Jinja2. I am very much confused by these terms and wanted to know the meaning of the terms and how they are interrelated with the CGI environment variables. What is the global variable g, and how is it related to the application context and request context?

Also, since I don't have much knowledge of developing web apps in any other language either (I am doing it for the first time), I have another request: could someone give a reference or help me understand how requests are handled? I mean, what happens when a request arrives at the web application?

Also, if I am not using any OpenID providers for logging the user into my website, how can I make the password secure? Should I use any framework for that?

user2794034
  • I suspect if you're that much of a beginner, Django will probably be a better bet for you. Especially as it comes with an authentication app that deals with storing passwords etc. – Daniel Roseman Apr 07 '14 at 16:09

1 Answer


For the request context, it is better to look at this question: What is the purpose of Flask's context stacks? It is worth spending a little time to understand it, because it is a basic principle of the framework.

Many approaches to storing user data will be secure. The easiest is to store the user in a database with the password as modern_crypto_hash(password + salt), refuse to accept short passwords, and use something like Flask-Login or Flask-Principal for logging in. To avoid SQL injection you can use any ORM, for example SQLAlchemy. To avoid XSS, send data-changing requests by POST and add a CSRF token; WTForms is good there. To avoid HTML tag injection, use the built-in template system (already the default) and do not insert user content into the page unsafely. HTTPS can also be useful.

Community
tbicr