MINOR PROJECT REPORT
Report submitted in partial fulfilment of the requirement for the degree of
Under the Supervision of Submitted By:
Dr. M Balakrishna Himanshu
(Assistant Professor) 42416401515
USICT,GGSIPU B.Tech(IT)-7th Semester
University School of Information & Communication Technology
GGSIPU, Sec-16B , Dwarka, New Delhi
I hereby certify that the work which is being presented in the project report entitled ” Django Framework based website- ResTrack” in the fulfilment of degree of B.Tech (IT) in USICT, GGSIPU, Delhi is an authentic record of my own work carried under the supervision of Dr. M Balakrishnan, USICT. The matter embodied in this project and not submitted for the award of any other degree.
Date: 04/09/2018 Himanshu
I certify that the above statement made by the student is correct to the best of my knowledge and belief.
DATE: 04/09/2018 (PROJECT MENTOR)
DR. M BALAKRISHNA
Every work accomplished is a pleasure – a sense of satisfaction. However a number of people always motivate criticize and appreciate a work with their objective ideas and opinions, hence We would like to use this opportunity to thank all, who have directly or indirectly helped us to accomplish this project.
Firstly I would like to thank Dr. M Balakrishna without whose support this project could not be completed. Next we would like to thank all the people, who gave their valuable time and feedback to this project. We would also like to thank my college for supporting us with resources, which beyond any doubt have helped me.
Let me also use this opportunity to thank team members who have contributed to this project with their invaluable opinions and suggestions, which has gone a long way in soothing our rough edges as a teammate.
TABLE OF CONTENTS
Introduction to website
Introduction to Django
Introduction to python
Software Requirement Specification
Data Flow Diagram
Use Case Diagram
Work Done/Working of Project
Comparison and Analysis
Websites with Django Framework are more secure.
Conclusion and Scope
Scope of project
List of references
Django is a free and open-source web framework. Django’s primary goal is to ease the creation of complex, database-driven websites. Django emphasizes reusability and “pluggability” of components, less code, low coupling, rapid development, and the principle of don’t repeat yourself. Python is used throughout, even for settings files and data models. Django also provides an optional administrative create, read, update and delete interface that is generated dynamically through introspection and configured via admin models.
Django is used which is an open source full stack web development framework used to develop full-fledged websites in python. It is also very efficient and modular compared to other web frameworks.
The project is totally built at administrative end and thus only the administrator is guaranteed the access. All the data will be handled by admin at backend using SQLite (RDMBS).
The aim of the project is to reduce the manual work of finding/tracking good restaurant in your locality/area. The main objective of this website will be to help users to locate/search nearby restaurants and also order food online. The user will be able to locate a list of restaurants based on the location & type of the cuisine of his/her choice or user can make a choice of the best restaurant based on the rating.
Introduction to Website
This website is based on Django framework “ResTrack” written in python .This website creates an interface through which customer and restaurants can interact with each other. Django is used to create a secure environment which makes this website different from other websites.
Django is a free and open-source web framework, written in, which follows the model-view-template (MVT) architectural pattern. It is maintained by the Django Software Foundation (DSF), an independent organization established as a non-profit.
1.2 Introduction to Django
Django’s primary goal is to ease the creation of complex, database-driven websites. Django emphasizes reusability and “pluggability” of components, less code, low coupling, rapid development, and the principle of don’t repeat yourself. Python is used throughout, even for settings files and data models. Django also provides an optional administrative create, read, update and delete interface that is generated dynamically through introspection and configured via admin models.
Some well-known sites that use Django include the Public Broadcasting Service, Instagram, Mozilla, The Washington Times, Disqus, Bitbucket, and Nextdoor. It was used on Pinterest, but later the site moved to a framework built over Flask.
1.3 Introduction to Python
Python is an interpreted high-level programming language for general-purpose programming. Created by Guido van Rossum and first released in 1991, Python has a design philosophy that emphasizes code readability, notably using significant whitespace. It provides constructs that enable clear programming on both small and large scales. In July 2018, Van Rossum stepped down as the leader in the language community after 30 years.
Python features a dynamic type system and automatic memory management. It supports multiple programming paradigms, including object-oriented, imperative, functional and procedural, and has a large and comprehensive standard library.
Python interpreters are available for many operating systems. CPython, the reference implementation of Python, is open source software and has a community-based development model, as do nearly all of Python’s other implementations. Python and CPython are managed by the non-profit Python Software Foundation.
SOFTWARE REQUIREMENT SPECIFICATION
A Software Requirements Specification (SRS) – a requirements specification for a software system – is a complete description of the behavior of a system to be developed. Use cases are also known as functional requirements. In addition to use cases, the SRS also contains non-functional (or supplementary) requirements. Non-functional requirements are requirements which impose constraints on the design or implementation (such as performance engineering requirements, quality standards, or design constraints).
2.1. Software Requirements
Languages used: Python , HTML
Python versions: 3.6.X, 3.7.X.
Framework used: Django
Databse : SQLite3 (RDBMS).
Included Python packages: certify, chardet, dj-database-url, Django, gunicorn, idna, jsonify, Pillow, psycopg2, python-decouple, pytz, requests, urllib3, whitenoise.
2.2. Hardware Requirements
Processors: Intel Core i3 Processor
Disk space: 1GB
Operating Systems: Windows 7, Mac OS , Linux
3.1. E-R DIAGRAM (ENTITY RELATIONSHIP DIAGRAM)
3.2 DATA FLOW DIAGRAMS
3.3 USE CASE DIAGRAM
WORKING OF PROJECT
1. The project is to find nearby restaurants using database. It starts with a login page that includes two field username and password and two buttons login and sign up.
2. It starts with a Home page that includes two buttons one to find restaurants and other is to add a restaurant of you are owner of a restaurants.
3. If you are an admin then website can be handled by adding /admin to the website link.
4. Once the restaurants are added .They can be reviewed.
5. When the restaurants are added, the people can leave their comment on how much they liked the restaurant or hated.
6. Once the restaurants are added only admin of the website can manipulate the data of the restaurants or the restaurant’s owner.
7. At admin end, the new restaurants can be added or the old ones which are closed can be removed from the database and website aswell.
The project outputs are shown form wise for better understanding of the project.
5.1.1 Showing Login page
5.1.2 Showing the signup page
5.1.3 Showing the main screen
5.1.4 Showing restaurants list
5.1.5 Review Page
5.1.6 Restaurant’s Photos
5.1.7 Add new restaurant page
5.1.8 Administration Page
6.1 WEBSITE WITH DJANGO FRAMEWORK ARE MORE SECURE
CROSS SITE SCRIPTING (XSS) PROTECTION
Using Django templates protects you against the majority of XSS attacks. However, it is important to understand what protections it provides and its limitations. Django templates escape specific characters which are particularly dangerous to HTML. While this protects users from most malicious input, it is not entirely foolproof.
CROSS SITE REQUEST FORGERY (CSRF) PROTECTION
CSRF attacks allow a malicious user to execute actions using the credentials of another user without that user’s knowledge or consent.
Django has built-in protection against most types of CSRF attacks, providing you have enabled and used it where appropriate. However, as with any mitigation technique, there are limitations. For example, it is possible to disable the CSRF module globally or for particular views. You should only do this if you know what you are doing. There are other limitations if your site has subdomains that are outside of your control.
CSRF protection works by checking for a secret in each POST request. This ensures that a malicious user cannot simply “replay” a form POST to your website and have another logged in user unwittingly submit that form. The malicious user would have to know the secret, which is user specific (using a cookie).
When deployed with HTTPS, CsrfViewMiddleware will check that the HTTP referrer header is set to a URL on the same origin (including subdomain and port). Because HTTPS provides additional security, it is imperative to ensure connections use HTTPS where it is available by forwarding insecure connection requests and using HSTS for supported browsers.
Be very careful with marking views with the csrf_exempt decorator unless it is absolutely necessary.
SQL INJECTION PROBLEM
SQL injection is a type of attack where a malicious user is able to execute arbitrary SQL code on a database. This can result in records being deleted or data leakage.
Django’s query sets are protected from SQL injection since their queries are constructed using query parameterization. A query’s SQL code is defined separately from the query’s parameters. Since parameters may be user-provided and therefore unsafe, they are escaped by the underlying database driver.
Django also gives developers power to write raw queries or execute custom sql. These capabilities should be used sparingly and you should always be careful to properly escape any parameters that the user can control. In addition, you should exercise caution when using extra() and HYPERLINK “https://docs.djangoproject.com/en/2.1/ref/models/expressions/” l “django.db.models.expressions.RawSQL” o “django.db.models.expressions.RawSQL” RawSQL.
Clickjacking is a type of attack where a malicious site wraps another site in a frame. This attack can result in an unsuspecting user being tricked into performing unintended actions on the target site.
Django contains clickjacking protection in the form of the X-Frame-Options middleware which in a supporting browser can prevent a site from being rendered inside a frame. It is possible to disable the protection on a per view basis or to configure the exact header value sent.
The middleware is strongly recommended for any site that does not need to have its pages wrapped in a frame by third party sites, or only needs to allow that for a small section of the site.
CONCLUSION AND SCOPE
The state of web-development is in a constant flux and you can never surely say when a game changer technology would come and change the current trends entirely, so it would be wise to take a peek into any new technology that is gaining enough momentum and stay updated with the current trends.
But, having said that, I don’t think python and django are going anywhere in the next 10–15 years. Let’s talk facts:
Python is one of the most used languages in 2016, with major tech giants including Google and Quora being its users.
It also has a huge open-source fanbase, currently ranking 5th in the github repository trends. Also, according to Google Trends, economically developed countries – US, China and South Korea – are its top-3 users, which further strengthens its position.
Python has a large number of web-frameworks, including scalability-proven and time-tested frameworks like Django, Flask and Pyramid.
Django is the most popular and extensive among all of the python frameworks. It is good for developing complex applications with many individual parts. Its major users include Pinterest, Instagram, Mozilla, The Washington Times, Disqus, Bitbucket HYPERLINK “https://en.wikipedia.org/wiki/Bitbucket” “_blank” and Nextdoor.
The popularity of the framework is also on a constant rise. Check the trends here:
Django CSRF Usage Statistics
Surely, Django is a little slow in incorporating new trending feature like Job Queues(which can be fulfilled with 3rd party libraries like Celery), but the explicitness of the framework separates it from its competitors like RoR and Laravel, which rather prefers the automagic approach. Explicitness is enjoyed by many programmers who wants to know what is happening underneath the surface.
Summing up, I would say, things are looking bright for both Python(in general) and Django(in specific), and you will be in a safe place for the next 10–15 years (atleast), if you are investing you time in Python(and Django) presently, but don’t forget to take some time out to know what currently trending frameworks has to offer, who knows, it might suit your needs better.
Mastering Django : Core By Nigel George