Both Flask and Django are:
- Web frameworks
- Coded on python
- Opensource products with great communities
- Both could be used for Server Side Rendering (for SEO purposes) or building REST APIs (e.g. JSON) for SPAs
- Both have the blocking programming model which require multi-thread/multi-process runners like gunicorn to serve multiple requests at the same time
What is the difference Flask vs Django? TL;DR:
- Django is an all-in-one solution: Relational DB ORM + Migrations, Template rendering system, Security middlewares, User management built-in application, configurable CRUD admin panel, and it is all in official distribution
- Flask is a microframework - you have to install and configure all packages for required features by yourself, configure the project and automotive pipelines, you will spend much more time on doing it for each new project
Github stars
Django:
Flask:
Django Internal ORM
1. Define the model in models.py with e.g.
class Person(models.Model):
name = models.CharField(max_length=30)
age = models.IntegerField()
2. Run python manage.py makemigrations
3. Run python manage.py migrate
That is all! It will generate CREATE TABLE SQL statement and execute it under the hood to synchronize your models to the database.
Then just do:
p = Person(name="Alex Kotli", age=28)
p.save()
And Djangos ORM will perform INSERT SQL query under the hood. If you will write:
Person.objects.filter(age__gt=18)
And it will do SELECT SQL which will return an iterable with all persons with age greater than 18.
Flask vs Django ORM
Flask doesn't have ORM.
You can pip install side-vendor ORM called SQLAlchemey, and then connect it by imports or flask plugins. But SQLA itself does not have migrations, so you will then need an Alembic for migrations, and then you will need to configure both (several files but it takes time anyway)
Django admin area
Create a boilerplate app, run python manage.py createsuperuser and then log in to http://127.0.0.1:8080/admin/:
It already allows you to manage users/roles/permissions and could be customized for any new model! Flask doesn't have it.
Popular companies who use it
Django is used by the next big players:
- Disqus
- Mozilla
- National Geographic
Companies using Flask:
- Airbnb
- Netflix
- Uber
- Mailgun
As you can see both frameworks have great trust in huge companies.
What to choose Flask or Django?
Make your choice by considering one by one all pros and cons.
Django benefits, Flask disadvantages
- Django will give you an all-in-one solution with everything needed to build great web apps, on Flask you will have to do a lot of extra setups to gather all things together.
- Django is much faster in terms of development time, but only when you have experience working with it. Flask is faster if you never did web programming before.
- Django will cover you from security attacks if you follow recommendations and not doing stupid things that reduce security level, like removing CSRF protection instead of adding a couple of lines of code to satisfy it, allowing cors to
*, disabling hostname check, and so on. On Flask you will have to be aware very well of the most common web vulnerabilities and will have to find packages to implement them by yourself. And then perform a security audit. Flask has no internal security layer at all - Most Django libraries (e.g. OAuth sign up) are much easier to use, have more features, and are up-to-date
- Django implements a secure login system for you
Flask pros, Django cons
- You have to learn Django longer when flask ready to serve HTTP requests after pip/pipenv install
- With Flask you will use more external libraries which could be then used in other e.g. non-web python apps - free experience
- You will deliver lightweight apps, but it will not give you a performance boost (you will save only a couple of function calls which would happen in Django middlewares), most issues come with heavy and joined DB requests without indexes which could happen on both frameworks when you don't analyze the database access layer performance
- You are flexible to implement some different methods e.g. Django by default uses sessions over a cookie when you can craft your own JWT way to handle Authorisation, again with a huge risk of security attacks if you do even a small mistake
Is there something faster than Flask and Django?
The worst disadvantage of both frameworks that they implement a blocking model, so to serve 4 requests at the same time you have to run the framework in some multi-thread/multi-process runner like gunicorn. If it has 4 active workers and they are all busy handling requests, the 5th request will wait until some worker will get free.
To fix this issue Python core developers in 3.6+ versions introduced so-called asyncio programming model (you can often hear async/await) which has its own HTTP frameworks:
Both have the same simple functionality as a flask (They are microframeworks). Also, this model requires all used IO-related libraries to be compatible with async/await, for example instead of SQLALchemy you need to use Gino ORM. Instead of requests you will need aiohttp client. But you can still use Alembic because migration efficiency is not important at all.
So here we come to another benefit of Flask – if you will want to implement asyncio model, with Flask it will be much easier to adopt your views and APIs.
Comparing to the blocking model, async approach is new, and we believe that it will squeeze out the legacy way in our IO-heavy world due to great efficiency. If you want to understand asyncio model on a simple example, please read the hint Parallel execution of asyncio functions.
