Hi, On 02-06-20, Lukas Fleischer wrote:
One thing I should have clarified much more in my first email in this thread is that this is part of a dual stack solution, with most of the code still being written in PHP and only specific pages being handled by the new framework. Everything we do (including database access, user and session management, ...) must be fully compatible with our PHP implementation, hence we would almost certainly not be able to use any of the more sophisticated features that these more comprehensive frameworks provide.
Right, I had not understood this would be such a strong design constraint. In that case, yes, Django is clearly out of the loop. I understand the advantages of a gradual rollout. However there's a risk that the new code can end up being inconsistent, with possible security impacts. You will have to really double-check any code related to authentication, autorization, privilege, permissions, etc. "Heavyweight" frameworks usually take care of that for you in a consistent way, but here you will be mostly on your own.
As you may have noticed from some of the patches submitted to the ML, we decided to use FastAPI over Flask.
Indeed, I didn't know FastAPI. It looks like a more fancy/modern Flask, which is a good sign. Baptiste