Shubham Kumar Gupta

Django Concepts

1. Settings file

What is secret key?

  • The secret key is a string used to provide cryptographic signing and encryption in Django.
  • It is used to secure cookies, session data, and other sensitive information.
  • It is recommended that this key is kept secret and not shared publicly.
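How a secret key protects a signed cookie value, as an added example that is not part of the original post. It is a simplified standard-library model of HMAC signing, not Django's implementation (Django's own signer lives in django.core.signing); the DJANGO_SECRET_KEY variable name, the demo key and the helper names are assumptions.

```python
import base64
import hashlib
import hmac
import os

# Constructed demo key. In a real project the value comes from the environment
# or a secrets manager, never from a settings file committed to version control.
SECRET_KEY = os.environ.get("DJANGO_SECRET_KEY", "constructed-demo-key-not-for-production")


def sign(value: str, key: str = SECRET_KEY) -> str:
    """Return 'value:signature', where signature is HMAC-SHA256 over value."""
    mac = hmac.new(key.encode(), value.encode(), hashlib.sha256).digest()
    return f"{value}:{base64.urlsafe_b64encode(mac).decode().rstrip('=')}"


def unsign(signed: str, key: str = SECRET_KEY) -> str:
    """Return the original value, or raise ValueError if the signature is wrong."""
    value, sep, _sig = signed.rpartition(":")
    if not sep:
        raise ValueError("no signature present")
    expected = sign(value, key)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    if not hmac.compare_digest(signed.encode(), expected.encode()):
        raise ValueError("signature mismatch")
    return value


def is_valid(signed: str, key: str = SECRET_KEY) -> bool:
    """True only if the value was signed with this key and not modified since."""
    try:
        unsign(signed, key)
        return True
    except ValueError:
        return False
```

Anyone who holds the key can produce values that pass is_valid, which is why the key must stay out of source control; changing the key makes every previously signed value fail verification.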

What are the default Django apps inside it? Are there more?

  • Django comes with a number of built-in apps, including admin, auth, contenttypes, sessions, messages, and staticfiles.
  • There are also many third-party apps available that can be easily installed via pip.

What is middleware? What are different kinds of middleware?

  • Middleware is a way to add extra functionality to the request/response processing in Django.
  • There are different types of middleware hooks, including process_request, process_view, process_exception, and process_response.
  • Security middleware can help prevent common vulnerabilities like CSRF, XSS, and clickjacking.

Django Security

Django has several built-in security features to help protect against common web application vulnerabilities. Some of these include:

  • CSRF protection: Cross-site request forgery protection helps prevent unauthorized actions on behalf of a user.
  • XSS protection: Cross-site scripting protection helps prevent injection attacks that can execute malicious code in a user's browser.
  • Clickjacking protection: Clickjacking protection helps prevent attackers from tricking users into clicking on hidden or disguised elements.

CSRF

CSRF (Cross-site request forgery) is a form of security breach in which an unauthorized user can perform actions on behalf of an unsuspecting user.

XSS

Cross-site scripting (XSS) is a type of attack where an attacker can inject malicious code into a website, which can then be executed by other users who view the page. Django includes built-in XSS protection to help prevent these attacks.

Clickjacking

Clickjacking is a type of attack where an attacker tricks a user into clicking on something they didn't intend to click on. Django includes built-in clickjacking protection to help prevent these attacks.
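A settings check for the protections described above, as an added example that is not part of the original post. The middleware dotted paths are Django's own; audit_settings and the two sample settings dicts are constructed for illustration, and the SECRET_KEY conditions mirror the warning raised by manage.py check --deploy.

```python
# Middleware dotted paths are Django's own; audit_settings and both sample
# settings dicts are constructed for this example.
SESSION = "django.contrib.sessions.middleware.SessionMiddleware"
AUTH = "django.contrib.auth.middleware.AuthenticationMiddleware"
PROTECTIONS = {
    "django.middleware.security.SecurityMiddleware": "security response headers",
    "django.middleware.csrf.CsrfViewMiddleware": "CSRF protection",
    "django.middleware.clickjacking.XFrameOptionsMiddleware": "clickjacking protection",
}


def audit_settings(settings: dict) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    middleware = list(settings.get("MIDDLEWARE", []))
    for path, purpose in PROTECTIONS.items():
        if path not in middleware:
            findings.append(f"missing {purpose}: {path}")
    # AuthenticationMiddleware reads request.session, so sessions must come first.
    if AUTH in middleware:
        if SESSION not in middleware or middleware.index(SESSION) > middleware.index(AUTH):
            findings.append("SessionMiddleware must be listed before AuthenticationMiddleware")
    key = settings.get("SECRET_KEY", "")
    # Short, low-variety, or still carrying the startproject placeholder prefix.
    if len(key) < 50 or len(set(key)) < 5 or key.startswith("django-insecure-"):
        findings.append("SECRET_KEY is short, low-entropy, or the startproject placeholder")
    return findings


WEAK = {
    "SECRET_KEY": "django-insecure-constructed-placeholder",
    "MIDDLEWARE": [AUTH, SESSION, "django.middleware.common.CommonMiddleware"],
}
HARDENED = {
    "SECRET_KEY": "constructed-example-" + "k9Qz" * 10,
    "MIDDLEWARE": [
        "django.middleware.security.SecurityMiddleware",
        SESSION,
        "django.middleware.common.CommonMiddleware",
        "django.middleware.csrf.CsrfViewMiddleware",
        AUTH,
        "django.middleware.clickjacking.XFrameOptionsMiddleware",
    ],
}
```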

Other middleware

There are many other types of middleware available for Django, including caching middleware, authentication middleware, and compression middleware.

What is WSGI?

  • The WSGI (Web Server Gateway Interface) is a set of guidelines that define a uniform interface between web servers and web applications.
  • Django includes a built-in WSGI server that can be used for development.
  • But for production use, it is recommended to use a dedicated web server like Apache or Nginx with a WSGI interface like mod_wsgi or uWSGI.

2. Models file

What is on_delete CASCADE?

  • on_delete is the option in Django that lets you specify how related objects should be treated when the parent object is deleted.
  • With on_delete=CASCADE, deleting a parent object automatically deletes any related objects as well.

Fields and Validators

  • Django provides a variety of fields and validators that can be used in your models to define the structure of your database tables.
  • Some of the most common fields include CharField, IntegerField, DateField, DateTimeField, and ForeignKey.
  • Validators are used to validate the data entered by the user before it is saved to the database.
  • Some common validators include MaxValueValidator, MinValueValidator, and RegexValidator.

Python module vs Python class

  • In Python, a module is a file containing Python definitions and statements, while a class is a blueprint for creating objects.
  • In Django models, a module typically contains multiple classes, each representing a database table.
  • The module itself is simply a file that contains these class definitions.
  • Each class within the module represents a specific database table, with the class attributes defining the table fields and their data types.

3. Django ORM

Using ORM queries in Django Shell

  • The Django shell provides a way to interact with your database using Python code.
  • You can use ORM queries to retrieve and manipulate data in the shell just like you would in a Python script.

Turning ORM to SQL in Django Shell

  • You can use the query attribute of a Django ORM query to view the corresponding SQL query that will be executed.
  • For example, if you have a QuerySet called my_queryset, you can view the corresponding SQL query by calling print(my_queryset.query).

What are Aggregations?

  • Aggregations in Django are a way to perform calculations on a set of objects and return a single value.
  • Some common aggregations include count, sum, avg, min, and max.

What are Annotations?

  • Annotations in Django allow you to add extra information to each object in a QuerySet.
  • You can use annotations to add calculated fields, perform subqueries, and more.

What is a migration file? Why is it needed?

  • A migration file in Django is a Python script that describes the changes that need to be made to the database schema.
  • It is created using the makemigrations command and is used to update the database schema when changes are made to your models.

What are SQL transactions?

  • SQL transactions are a way to ensure that multiple SQL statements are executed as a single, atomic operation.
  • This helps to ensure data consistency and prevent race conditions.
  • Transactions can be started using SQL commands like BEGIN and COMMIT.

What are atomic transactions?

  • In Django, atomic transactions are a way to ensure that multiple ORM operations are executed as a single, atomic operation.
  • This helps to ensure data consistency and prevent race conditions.
  • Atomic transactions can be started using the atomic decorator or context manager.
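The all-or-nothing behaviour described in the two sections above, as an added example that is not part of the original post. It uses the standard-library sqlite3 module with explicit BEGIN, COMMIT and ROLLBACK so it runs without a Django project; in Django, wrapping the same two updates in transaction.atomic() gives the same guarantee. The account table and helper names are constructed.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # isolation_level=None leaves transaction control to explicit BEGIN/COMMIT.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE account (name TEXT PRIMARY KEY, "
        "balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    # Constructed sample rows.
    conn.executemany("INSERT INTO account VALUES (?, ?)", [("alice", 100), ("bob", 20)])
    return conn


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Move amount from src to dst; both updates commit together or not at all."""
    conn.execute("BEGIN IMMEDIATE")  # take the write lock before reading balances
    try:
        # Credit first: without a transaction, a failed debit would leave this applied.
        conn.execute("UPDATE account SET balance = balance + ? WHERE name = ?", (amount, dst))
        conn.execute("UPDATE account SET balance = balance - ? WHERE name = ?", (amount, src))
        conn.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        # The CHECK constraint rejected an overdraft; undo the credit as well.
        conn.execute("ROLLBACK")
        return False


def balances(conn: sqlite3.Connection) -> dict:
    return dict(conn.execute("SELECT name, balance FROM account"))
```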
