Originally posted on betterprogramming.
Know the difference and when to use each of them
When it comes to Bottle, Flask, and Django, you’ll usually see only two of them described in an article at a time. However, these three tools help you accomplish similar tasks when it comes to developing web applications with Python. It seems only right to talk about the strengths and weaknesses of each and when you’d want to use them.
Bottle is a fast, micro web framework for Python. It has no dependencies besides the Python standard library and is so lightweight that the module for it is a single file. It handles everything you need to create small websites or applications. It’s also async-friendly, allowing you to easily keep your application data continuously updated. Another nice feature is it comes with a built-in HTTP development server.
It’s a great choice if you’re building something small or if you want to quickly prototype an idea. Because it is simple to use, it’s also great for newer developers. You can easily understand how to use Bottle for whatever project you’re creating and get your application production-ready fast.
One drawback of Bottle is it has less documentation and support than Flask or Django. If you want to build a big, complex web application, you may find your efforts better supported using one of the other tools. There’s also a number of things that Bottle doesn’t have built-in, such as an admin panel, ORM framework, NoSQL support, REST support, security, web forms, or authentication. However, there are a number of plugins and libraries you can use to add these things to Bottle if you want to do so.
The sticking point will probably come back to everything not having a lot of documentation to work with.
Many developers choose Flask over Bottle because they feel it offers everything Bottle does and more. I would argue that what it has over Bottle is popularity, leading to more documentation, extensions, and plugins being built for use with Flask. If you’re a newer developer trying to do something more complex, Flask might be a better choice than Bottle because chances are someone’s already documented a way to do whatever you’re working on. It’s a toss-up. With Bottle, you can probably read all the code for the module. With Flask, you get tons of content to support your project.
Flask is great with extensions. Using these, you can add an admin panel, support REST, and web form support. It offers built-in security, but it’s minimal. You can increase Flask’s security with tools like Flask-Security, but you’ll have to stay on top of updates to make sure vulnerabilities are patched as they are discovered.
By now, you’re probably thinking, “Hey, I thought you were comparing Bottle to Flask to Django… but you didn’t mention Django in the first two.” There’s a reason for that: Django is pretty different than either Bottle or Flask. If you’re starting out and you just want to build sample code or a small application, I’d immediately recommend you pick between Bottle and Flask for your project. Django is incredibly powerful, handles all kinds of things for you, making your life easy, but it has a steep learning curve.
Django is a web framework that makes it fast and easy to develop web applications… as long as you have time to learn the framework first. One of the best features is that it is secure. If you don’t know much about application security, Django was engineered to help protect your website for you. It gives you a secure way to manage accounts and passwords and prevents you from making mistakes like putting session information in cookies. It enables protection against vulnerabilities like SQL injection, cross-site scripting, cross-site request forgery, and clickjacking.
Bottle and Flask allow you to build sites that include these things, but they’re not handled for you. If you’re an experienced developer who knows how to avoid these security mistakes, then Bottle or Flask might still be great choices. Otherwise, learning Django can save you a lot of security headaches.
When it comes to documentation, Flask probably still beats out Django. However, if you’re willing to put in the time to learn Django, it’s worth it. It has a lot of things you want to do available out of the box. Most things you’d want to do (e.g. handling sessions, authentication, user management, content management, etc.) are available in Django. And while there’s less documentation, there’s still a lot to choose from.
With all that information, which one should you pick? Here are my recommendations:
Use Bottle if
- You are building a code sample. You can use the built-in server, test that it works, then make your sample available for use right away.
- You are building a small web application. If you don’t have a lot of experience handling security details, then your project should be something where security isn’t as much of an issue.
- You want something simple.
- You don’t mind that there isn’t as much documentation for how to use it.
Use Flask if
- You’re building a medium- to large-sized web application.
- You have previous experience with security and know how to handle authentication, sessions, users, and passwords.
- You want to quickly put together a prototype, and you’d prefer lots of documentation, extension, and plugin choices to the simplicity of Bottle.
Use Django if
- You want to build a medium- to large-sized web application.
- Security is a concern. Even if you’re experienced, having a tool that helps you catch mistakes is better than doing it all by yourself most of the time.
- You’re OK with a somewhat opinionated framework.
- You have time to learn the framework.
What about for teaching?
If you’re teaching students how to create things, you may want to actually progress through the tools from Bottle to Flask to Django. The issue with any Django code sample or discussion is that to dive in, the reader does need to know how to use Django already. It’s not immediately obvious how it works. It’s not hard to learn, but it does take maybe a week or two to learn enough about it to start developing.