Flask or Django for Web Application?

This post is not intended as a Python web development lesson. It is intended to share some of my experience of using both frameworks over the years.

I started with the Flask framework for packing my data analytics results into HTML pages, so clients could get an organized visualization by running a simple Python file. Flask was perfect for the task.

Soon I started to write some real web apps, but mostly to display data analysis results within clients' intranets. No password or user authentication was needed, and the displays were few. Flask was still fine.

Once I started to develop a real website using the Flask framework, it took me a little while to master user and database session management. Some interconnected modules forced me to pile functions and models into one Python file in order to make them work together. For example, you need a user model to build a database, but your user model needs a database engine to create the model. If the database engine initialization, the user model and the database are not in the same file, or not in the correct order, an error will be raised. Piling everything together makes the individual file very long and restricts the web app's scalability.

Later, I learned to make Flask packages by initializing the app first, only to find out that the Flask package structure is very similar to Django's. In addition, Django saves the headache of writing lengthy user management code.

Now, it is clear. Django is the better framework for building complex web applications. Its structure is well formed, and it is easy to divide the different web components among different team members. Many models and functions are already included in the Django framework. This significantly reduces our code and therefore shortens the project time.

For the same reason, because Django has well-established structures, if you want to change some of them you have to fight at every step to break the locks. From the security point of view, Django inserts hashes and tokens into its requests and into its storage of sensitive information. That makes the web app very secure. But its well-established structure may give people a good idea for guessing how certain web apps handle the data flow, so there is a possibility of easier hacking.

I am still using Flask for neat data analytics result display and sample website building, since I do not need to pay much attention to web app settings and initialization. Because of Flask's flexibility, you may design your own unique web application structure and place hashes and tokens where you want and how you want. Your web app may achieve a much higher security standard. For beginners, Django is the much more secure choice, because it forces programmers to add a token to data input and automatically hashes sensitive information.
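The two protections this paragraph credits to Django, salted password hashing and a per-session request token, written by hand the way a Flask developer has to supply them. This is an added example, not code from the original post or from either framework; it uses only the Python standard library, and the function names, the `session` dict and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example; tune for your hardware


def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$iterations$salt$hash' using a fresh random salt."""
    salt = secrets.token_hex(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt, expected = stored.split("$")
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: fail closed
    if algorithm != "pbkdf2_sha256" or rounds < 1:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), rounds)
    return hmac.compare_digest(digest.hex().encode(), expected.encode())


def issue_csrf_token(session: dict) -> str:
    """Create one random token per session; the form embeds it as a hidden field."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def check_csrf_token(session: dict, submitted: Optional[str]) -> bool:
    """Accept a state-changing request only if the submitted token matches the session's."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False  # token missing on either side: reject
    return hmac.compare_digest(expected.encode(), submitted.encode())


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample password
    session = {}  # stand-in for the framework's per-user session store
    token = issue_csrf_token(session)
    print(verify_password("correct horse battery staple", record))
    print(check_csrf_token(session, token), check_csrf_token(session, "forged"))
```

In a Flask app the token check would run before every POST handler and the hash functions would sit behind the registration and login views; forgetting either call is the gap that Django's defaults close.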

In summary, Django is easier to learn and use when you follow its structures. It integrates information security and user management into the coding process. Its structured framework is easier for team collaboration. On the other hand, the Flask framework is small and flexible, and suitable for simple tasks or a single task (i.e. data analytics result communication with clients, single app deployment and dashboard building). But for big web application jobs, you have to carefully plan out your own structure at the very beginning if you do not want to get into a big mess later. Since you can control every step in Flask, you may design a web app that is near un-hack-able.