Django

Settings file:

All project-specific parameters, including database connection, static files, middleware, installed apps, and more, are stored in the settings file in Django.

What is the secret key?

• To secure Django applications, cryptographic hashing and signing are done using secret keys, which are random strings of characters.
• It is employed for activities like creating secure cookies and preventing CSRF attacks.
• To stop hackers from gaining access to private data, the secret key must be maintained safe, With the Django.core.management.utils.get the random secret key() function, you can create a reliable secret key.

What are the default Django apps inside it? Are there more?

• Static files, sessions, messages, and content types are the default Django apps that are listed in the settings file. Django offers more third-party apps too.

What is middleware? What are the different kinds of middleware? Read up a little on each security issue.

• Middleware is a tool that can be used to add extra features to the way your web application handles requests and responses. Different types of middleware can help address various security issues, like preventing CSRF (Cross-Site Request Forgery) attacks, protecting against XSS (Cross-Site Scripting) attacks, and preventing clickjacking.

• The different kinds of middleware available include authentication middleware, caching middleware, logging middleware, compression middleware, and error handling middleware. Each type of middleware serves a different purpose, such as verifying the identity of users trying to access protected resources, improving the performance of web applications by storing frequently accessed data, capturing and storing logs of various activities and events, compressing content before sending it to the client and catching and handling errors that may occur during the execution of a web application.

CSRF

CSRF (Cross-Site Request Forgery): A CSRF attack is when an attacker tricks a user into acting on a website without their knowledge or consent. To prevent this, Django includes built-in protection that requires a secret token to be included in POST requests, which ensures that the request is coming from a legitimate source.

XSS

XSS (Cross-Site Scripting): XSS is a type of attack where an attacker injects malicious code into a web page, which can then be executed by unsuspecting users. To prevent this, Django includes built-in protection that automatically escapes any user-provided data in templates and form fields.

Clickjacking

Clickjacking is a type of attack where an attacker tricks a user into clicking on a button or link that is invisible or hidden on a web page. To prevent this, Django includes built-in protection that adds a special header to responses that prevents them from being embedded within other sites.

Any other middleware that is there?

• Session Middleware: This middleware handles the creation and management of user sessions, which can be used to store user-specific data across multiple requests.

• Content Security Policy Middleware: This middleware helps protect against XSS attacks by specifying which sources of content are allowed to be loaded on a page.

• CorsMiddleware: This middleware allows you to specify which domains are allowed to access your site's resources, which can help prevent unauthorized access from other sites.

WSGI

• It will serve as a start point for a webserver.
• Django is designed to work with the WSGI (Web Server Gateway Interface) standard, which allows it to be deployed on a wide variety of web servers and platforms. When you create a new Django project using the start project command, it automatically generates a basic WSGI configuration file for you, which you can customize as needed to fit your specific deployment requirements. This makes it easy to deploy a Django application to a variety of production environments, including popular web servers like Apache and Nginx.

Models file:

The model's file in Django defines the database schema for a project using Python classes.

What is on deleting Cascade?

• On delete cascade is a database constraint that automatically deletes related records in child tables when a record is deleted in the parent table.

A broad understanding of Fields and Validators available to you?

• In Django, models are used to define the structure and behaviour of data that will be stored in a database. Fields are used to define the type of data that will be stored in each field of a model. For example, a CharField is used to store a string of text, while an IntegerField is used to store a numerical value.

• Validators are functions that can be used to check the validity of data before it is saved to the database. For example, we might use a validator to check that a user-entered email address is in a valid format. Validators can be attached to fields in a model to ensure that the data stored in those fields is valid according to your requirements.

Understanding the difference between Python module and Python class?

• A Python module is a file containing Python code, while a Python class is a blueprint for creating objects.

Django ORM:

Using ORM queries in Django Shell

• The Django ORM is a high-level Python API for interacting with relational databases.
• The ORM queries can be tested in the Django shell, which provides an interactive Python environment to execute code. To open the shell use the below command

  python manage.py shell

Turning ORM to SQL in Django Shell

ORM queries can be turned into SQL queries in the Django shell by using the query method.

  queryset = model.objects.all()  print(queryset.query)

What are Aggregations?

• Aggregations are operations performed on data to return a single result, such as count, sum, avg, max, and min.

What are Annotations?

• Annotations allow adding extra data to a query result, such as adding a count of related records to the main record.

What is a migration file? Why is it needed?

• Migration files are generated by Django to manage database schema changes.

What are SQL transactions? (non-ORM concept)

• SQL transactions are a way to group multiple SQL queries into a single atomic operation, ensuring data consistency.

What are atomic transactions?

• Atomic transaction is the smallest set of operations to perform the required steps. Either all of those required operations happen(successfully) or the atomic transaction fails.

References

https://docs.djangoproject.com/en/4.0