Chapter 0: Preface

web2py was launched in 2007 and now, after four years of continuous development, we have reached a very much needed fourth edition of this book. During this time, web2py has managed to win the affection of thousands of knowledgeable users and more than one hundred developers. Our collective effort has created one of the most full-featured Open Source Web Frameworks in existence.

I originally started web2py as a teaching tool because, I believe, the ability to build high quality web applications is of critical importance for the growth of a free and open society. It prevents the biggest players from monopolizing the flow of information. This motivation continues to be valid and it is even more important today.

In general, the purpose of any web framework is to make web development easier and faster, and to prevent developers from making mistakes, especially in matters related to security. In web2py we address these issues with our three main goals:

Ease of use is the primary goal for web2py. For us, this means reducing the learning and deployment time. This is why web2py is a full-stack framework without dependencies. It requires no installation and has no configuration files. Everything works out of the box, including a web server, database and a web-based IDE that gives access to all the main features. The API includes just 12 core objects, which are easy to work with and memorize. It can interoperate with most web servers, databases and all Python libraries.

Faster development is the secondary goal. Every function of web2py has a default behavior (which can be overridden). For example, as soon as you have specified your data models, you will have access to a web-based database administration panel. web2py also automatically generates forms for your data and allows you to easily expose the data in HTML, XML, JSON, RSS, etc.

Security is at the heart of web2py, and our goal here is to lock everything down to keep your systems and data safe. Therefore, our database layer eliminates SQL Injections. The template language prevents Cross Site Scripting vulnerabilities. The forms generated by web2py provide field validation and block Cross Site Request Forgeries. Passwords are always stored hashed. Sessions are stored server-side by default to prevent Cookie Tampering, and session cookies are UUIDs to prevent Cookie Stealing.

web2py has always been built from the user perspective and is constantly optimized internally to become faster and leaner, whilst always maintaining backward compatibility.

web2py is free for you to use. If you benefit from it, we hope you will feel a little more like contributing back to society in whatever form you choose.

In 2011 InfoWorld magazine reviewed six of the most popular full-stack Python-based web frameworks and ranked web2py highest. Also in 2011, web2py won the Bossie Award for best Open Source Development Software.