Hacker News new | past | comments | ask | show | jobs | submit login

Remark that the article is rather old (although revisited 2014, however that's still an eternity in webdev world). Although I like flask (it was my first library to do "web stuff") I miss especially the fact that authentication is not part of the core lib, but only available via third-party extensions.

That may not be a problem for an experienced dev, but for a starter in web-dev I highly appreciate a library or framework that has built-in authentication because you do not want to fuck that up. Granted - you can also fuck it up with e.g. Django, but it is way harder.

This all depends what your goal is.

If your goal is to understand web development then I would say that a micro-framework like Flask is better because you actually have to assemble all the pieces yourself. Moreover, if you're curious about how a given feature is implemented, extension source code is often very accessible. For example, all the business logic in Flask-Login is confined to one ~450 line Python file [1]. Not bad!

But one the other hand, if you're trying to create a production-ready service, then Django/Rails probably have fewer risks since they require fewer decisions.

Lastly, the book had a very thorough treatment of authentication. I agree that this is a huge pitfall, and I think Miguel introduced and explained the problem extremely well.

[1] https://github.com/maxcountryman/flask-login/blob/master/fla...

I think they don't include it not because you should roll your own (you really shouldn't) but because they don't make the assumption that you'll need it. Once they start adding that stuff by default they'll no longer be a 'microframework'.

But yes, definitely grab a third party extension for auth :)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact