Risks of using django manage.py runserver for production in a small scale server, for internal use?
From the manage.py documentation:
DO NOT USE THIS SERVER IN A PRODUCTION SETTING. It has not gone through security audits or performance tests. (And that’s how it’s gonna stay.
That's all you need to know to make a decision on this.
If you're deploying a python web app, even for a low-load, internal-use only project, it is still very much worth the extra work to learn a proper way to host the application, as it's quite likely that you'll need to use those skills at some point in the future.
Related videos on Youtube
07 : 01
07 : 48
08 : 11
01 : 40
01 : 24
01 : 00
becko
Updated on September 18, 2022Comments
-
becko over 1 year
I am writing a small web-app with django. It will have no more than 200 users, all internal to my company. I want to set it up as quickly as possible. I am new to django and web-apps.
As I read django's tutorial, they don't recommend using
python manage.py runserverto deploy the production server, but they don't give any reasons.I suspect that for my very modest purposes, django's
runserverwill do fine. Am I correct? What risks am I running?-
becko over 8 yearsrelated: stackoverflow.com/q/23176592/855050
-
-
becko over 8 yearsThis is not my main job, so there is a high change that learning how to properly host a web application won't be that useful to me
-
EEAA over 8 yearsIt will be able to do only one thing at a time, so if it's tied up with a large request from one user, all other users are going to have to wait. It's foolish to state "I don't care much for security". That is the kind of attitude that will end up getting your systems compromised. -
EEAA over 8 yearsI know this isn't the answer you want to hear, but you asked a question on a site for professional systems administrators. So you're getting a professional answer. Taking shortcuts like this, even in a small environment, will always come back to haunt you in the future, and usually at a time when it's least convenient.
-
becko over 8 yearsOkay. So, if I want to do something as simple as possible, what deployment tool do you suggest? (as you probably noticed, I am very new to all this)
-
EEAA over 8 yearsIf you want to ask about that, it would be advisable to post a separate question. Keep in mind, though, that product/tool recommendations are off-topic, and we expect that people have done their due diligence in researching things before coming here to ask a question.
-
becko over 8 yearsSee documentation here. The development server is multi-threaded by default. Or am I missing something? Please fix this so I can accept your answer again.
-
EEAA over 8 years@becko Don't get hung up on threading. This quote from the page you linked to is all you should need: "DO NOT USE THIS SERVER IN A PRODUCTION SETTING. It has not gone through security audits or performance tests. (And that’s how it’s gonna stay." Do. Not. Use. This. In. Production.
-
becko over 8 yearsI agree. I am reading about Apache and mod_wsgi, which seems to be the next simplest thing with Django. But still, you should fix this on your answer.
-
EEAA over 8 years@becko Done. Good luck with your application!
-
becko over 8 yearsOk. And thanks for taking the time to convince me.