Django 1.2 - Multiple DBs and CSRF Protection

On Monday afternoon, the Django 1.2 release had a false start, but the corrections to the (open source) Python-based web framework are being made and Django 1.2.1 should be released this afternoon.  The problem was in a configuration file that builds the Django documentation - it did not have its version number incremented in the Django 1.2 package.  The Django developers said that they would wait 24 hours to make sure that no other defects are found and then release Django 1.2.1 with an updated documentation builder.

Support for Multiple DBs

In Django 1.2 you can use multiple databases in a single Django project.  There is new documentation on how to use this feature.  Queries can be issued against a particular database via the using() method on QuerySet objects.  Providing a using argument when you call save() will save individual objects to a specific database.  GeoDjango has also gotten support for multiple spatial databases.  

CSRF Hack Protection

The framework now comes with Cross Site Request Forgery middleware and a template tag to easily enable protection against CSRF attacks.  According to the Django developers, a CSRF attack "occurs when a malicious Web site contains a link, a form button or some javascript that is intended to perform some action on your Web site, using the credentials of a logged-in user who visits the malicious site in their browser. A related type of attack, ‘login CSRF’, where an attacking site tricks a user’s browser into logging into a site with someone else’s credentials, is also covered."  Learn how to use this feature here.
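
The check such middleware performs can be sketched with the standard library alone. This is an added example, not Django's code and not from the original article: the cookie and field names follow Django's `csrftoken` and `csrfmiddlewaretoken`, while `issue_token`, `check_request`, `demo` and the request dicts are hypothetical, constructed for illustration.

```python
import hmac
import secrets

COOKIE_NAME = "csrftoken"            # cookie name Django uses
FIELD_NAME = "csrfmiddlewaretoken"   # hidden field rendered by {% csrf_token %}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def issue_token():
    """Return a fresh unpredictable token to set as the cookie value."""
    return secrets.token_hex(16)


def check_request(method, cookies, form):
    """Return (allowed, reason) for a request modelled as plain dicts."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method, no check"
    cookie_token = cookies.get(COOKIE_NAME)
    if not cookie_token:
        return False, "no CSRF cookie"
    form_token = form.get(FIELD_NAME, "")
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(cookie_token.encode(), form_token.encode()):
        return False, "token missing or incorrect"
    return True, "token matches cookie"


def demo():
    """Run the check over constructed sample requests."""
    token = issue_token()
    cookies = {COOKIE_NAME: token, "sessionid": "constructed-session"}
    # Form rendered by the real site: the template embeds the token.
    legit = check_request("POST", cookies, {FIELD_NAME: token, "amount": "10"})
    # Cross-site form: the browser attaches the cookies, but the other
    # origin cannot read them, so it cannot fill in the token field.
    forged = check_request("POST", cookies, {"amount": "10"})
    guessed = check_request("POST", cookies, {FIELD_NAME: issue_token()})
    # Login form posted with no cookie at all: the check applies to
    # anonymous requests too, which is what covers login CSRF.
    login = check_request("POST", {}, {"username": "x", "password": "y"})
    return legit, forged, guessed, login


if __name__ == "__main__":
    for result in demo():
        print(result)
```
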

Model Self-Validation

Model instances in Django 1.2 can now validate their own data.  Also, model and form fields can now accept configurable lists of validators that specify encapsulated, reusable validation behavior.  Be aware that invoking a model instance's save() method will not perform validation; you still need to perform validation explicitly.  

User "Messages" Framework

Django 1.2 has a new messages framework that is configurable and robust.  It has built-in support for cookie- and session-based messages for both anonymous and authenticated users.  As a result, the message API, which is replaced by the messages framework, has been deprecated.  

Object-level Permissions

Django 1.2 also provides many new authentication capabilities, including a foundation for specifying permissions for individual objects.  Django core does not implement this itself, so a custom authentication backend can provide the implementation.

Powerful New "Smart" if tags

if tags in Django 1.2 have support for comparison operators, so instead of typing:
{% ifnotequal a b %}
{% endifnotequal %}
You can type this:
{% if a != b %}
{% endif %}
==, !=, <, >, <=, >=, in and not in are the new operators supported in Django 1.2.  They work just like Python operators.

Filters can also be used now in the if expression:
{% if user.email|lower == message.recipient|lower %}
{% endif %}

Other New Features

  • GeoDjango enhancements
  • Permissions for anonymous users
  • Relaxed requirements for usernames
  • Configurable email backends
  • New now template tag format specifier characters: c and u
  • JavaScript-assisted handling of inline related objects in the admin
  • Syndication feeds as views
  • Customizable syntax highlighting
  • Improved localization
  • Fast failure for tests
  • BigIntegerField
  • Natural keys in fixtures
  • Template caching

Backwards Compatibility

Django 1.2 requires Python 2.4 as the new minimum; support for 2.3 has been dropped.  The new CSRF protection framework is not compatible with the old system, but users of the old system won't be affected until it's removed in Django 1.4.  The PostgreSQL database backend has been deprecated because the psycopg1 library hasn't been updated since 2005, but there are other ways to use PostgreSQL.

The second bug fix release in the Django 1.1.x branch was also just released.  The Django 1.1.2 release notes are available here.  Support for the 1.1.x branch will end after Django 1.3 is released.

Follow this link for a full listing of the new and deprecated features in Django 1.2.  Find the best IDEs, hosting, and applications for Django here.  Finally, you should check out the tutorials posted during Django Advent showing how to harness the new features in 1.2.
