Category: Flask

2017-08-23T17:32:00Z

Serverless Deployments of Python APIs

If you are like me, you were starting to get comfortable with the idea of deploying your applications to cloud instances such as EC2s on AWS or droplets on DigitalOcean, when people started to shift away from cloud instances and embrace containers. Maybe now you are getting into containers and Docker, and as is to be expected, the tech world is making a move once again, this time to severless computing. Impossible to ever catch up, right?

In this article I'm going to tell you what a serverless architecture can offer you that the more traditional approaches cannot (and more specifically how it is possible to run your Python web applications without a server!). At the time I'm writing this, AWS has by far the most mature serverless platform, with the Lambda, API Gateway and DynamoDB triad of services at the forefront, so this is the platform I'm going to concentrate on.

AWS Serverless

6 comments

2017-08-07T06:38:45Z

Flask Video Streaming Revisited

Flask Video Streaming Server

Almost three years ago I wrote an article on this blog titled Video Streaming with Flask, in which I presented a very modest streaming server that used a Flask generator view function to stream a Motion-JPEG stream to web browsers. My intention with that article was to show a simple, yet practical use of streaming responses, a not very well known feature in Flask.

That article is extremely popular, but not because it teaches how to implement streaming responses, but because a lot of people want to implement streaming video servers. Unfortunately, my focus when I wrote the article was not on creating a robust video server, so I frequently get questions and requests for advice from those who want to use the video server for a real application and quickly find its limitations. So today I'm going to revisit my streaming video server and describe a few improvements I've made to it.

34 comments

2017-07-18T20:16:19Z

Cookie Security for Flask Applications

Cookies are the most common attack vector for applications that run on web browsers, yet the topic of how to make cookies secure is frequently overlooked. I touched upon this topic in a few past articles, but today I want to specifically go over all the options Flask and extensions such as Flask-Login and Flask-WTF give you in terms of securing your application against web browser attacks.

Cookie Security

14 comments

2017-07-09T21:15:55Z

The Flask Mega-Tutorial Kickstarter

Chances are, you were introduced to my blog through the Flask Mega-Tutorial, which is by far, the most popular topic on this blog. If you are doing the tutorial now, I'm sure you noticed that a number of things aren't quite as easy anymore. This is unfortunate, but several of the areas the tutorial touches on have seen significant changes since I published the articles.

The tutorial is now five years old, and embarking on a rewrite to bring it to Python 3.6 and current versions of all other technologies is going to require a considerable amount of time and effort. So I have decided to try a little experiment with a Kckstarter. If you haven't seen this yet, have a look at this video:

23 comments

2017-07-03T15:45:28Z

Flask-SocketIO and the User Session

The way user sessions are handled in my Flask-SocketIO extension has always been a pain point for me. I tried to make sessions work almost the same as they work on regular Flask routes, but the "almost" part is what makes it confusing for most people.

In this short article and its companion video, I will try to explain why this is not trivial, and also will go over some improvements I just released that I hope will improve the use cases on which users seem to always trip.

2 comments

2017-06-12T15:46:32Z

Migrating from Flask-Script to the New Flask CLI

Flask CLI

In release 0.11, Flask introduced new command-line functionality based on Click, which includes the flask command. Before then, Flask did not provide any support for building command-line interfaces (CLIs), but Flask-Script provided similar functionality as a third party extension.

It's been more than a year since the Flask CLI has been released, and I still see a lot of projects out there based on Flask-Script. My guess is that there aren't really any important reasons that motivate people to migrate, since Flask-Script worked well, or at least well enough. But the reality is that Flask-Script hasn't had an official release since 2014 and appears to be unmaintained. In this article I want to show you how I migrated the Flasky application from my Flask book from Flask-Script to Click (one of the changes that are coming in the second edition of the book!), so that you can learn what the differences are, and decide if it is time to migrate your applications.

17 comments

2017-06-03T18:41:15Z

Running Your Flask Application Over HTTPS

Posted by Miguel Grinberg under Python, Flask, Security.

While you work on your Flask application, you normally run the development web server, which provides a basic, yet functional WSGI complaint HTTP server. But eventually you will want to deploy your application for production use, and at that time, one of the many things you will need to decide is if you should require clients to use encrypted connections for added security.

People ask me all the time about this, in particular how to expose a Flask server on HTTPS. In this article I'm going to present several options for adding encryption to a Flask application, going from an extremely simple one that you can implement in just five seconds, to a robust solution that should give you an A+ rating like my site gets from this exhaustive SSL analysis service.

SSL

10 comments

2016-09-29T14:54:27Z

Implementing the "Soft Delete" Pattern with Flask and SQLAlchemy

Soft Deletes

Every time I find myself writing code to delete data from a database I get nervous. What if I later determine that I needed this piece of information, after all? For example, what if having access to this data that was deleted would have helped me reproduce or debug an issue? Or what if the data can be useful for audit purposes in a future version of the application?

You can find lots of reasons to never delete records from your database. But obviously these records that you saved from permanent deletion need to be marked as being "less interesting" than the rest, so that you have something you can use to filter them out in queries. The Soft Delete pattern is one of the available options to implement deletions without actually deleting the data. It does it by adding an extra column to your database table(s) that keeps track of the deleted state of each of its rows. This sounds straightforward to implement, and strictly speaking it is, but the complications that derive from the use of soft deletes are far from trivial. In this article I will discuss some of these issues and how I avoid them in Flask and SQLAlchemy based applications.

17 comments

2016-04-04T17:57:45Z

How Secure Is The Flask User Session?

Many times I hear people say that user sessions in Flask are encrypted, so it is safe to write private information in them. Sadly, this is a misconception that can have catastrophic consequences for your applications and, most importantly, for your users. Don't believe me? Below you can watch me decode a Flask user session in just a few seconds, without needing the application's secret key that was used to encode it.

22 comments

2016-02-29T06:44:29Z

"Flask At Scale" tutorial at PyCon 2016 in Portland

Pycon 2016 Logo

The tutorial line up for PyCon 2016 in Portland, Oregon has been announced, and I'm excited to be part of it with yet another Flask tutorial. For some odd reason, not all the class information I provided with my proposal was published on the PyCon website, so I want to give you a good overview of the material I plan to cover here, to help you decide if this tutorial is for you.

25 comments