Web applications: need they be complex?

Experience with building a proof of concept with Python/Flask/SQLite

Over the past few weeks, I have started learning #Python, because all the students I teach, and mentor, come with that as the background. Until recently, I was helping them learn "different" programming languages, but with the noise around AI, LLMs and the works, they seem to be more inclined to stay with that.

So, I created a "proof of concept" application for a friend. And I am amazed at the fact that my understanding of "low complexity application is the norm" actually is true. The problem domain is fairly complex, and the security requirements very stringent. But I have been able to put together a foundation that will allow her to get help from just about anyone in the world to keep her application updated.

In my opinion, it cannot get more #lowcode than this. Anything else is just lock-in, and will come back to bite people very quickly.

By the way, I had a similar experience when I built the same app using Java, H2DB and the internal HttpServer that ships with Java. The only external thing I needed to use was the Thymeleaf templating engine, and I think it was overkill. I should have just relied on Java Server Pages.

Yes, you heard that. No Kubernetes. No microservices. No microfrontends. Just plain simple HTML (server rendered). Scales for most users, and keeps the costs low.

Let's talk about the solution I built. The implementation has:

- Every user has their own db, so no chance of crossing over of data

- No one can query for "all the data" at any point, until the tools for that are built

- The app will add further protection for each db by rotating its password regularly, making the data even more secure

- Built using Python, and Flask - the programming language, and library, with a long history, and every student learns this in college

- Uses SQLite as the database, the smallest, fastest and most popular database in the world. Probably sitting on your computer right now if you use Firefox. If you use an Android or iOS device, then you are using SQLite. SQLite also does not need a server, so we do not keep "unnecessary" data in memory.

- We follow a "keep it light" philosophy, so our server does not use more memory, or CPU than is necessary. We use a "just in time" fetching of data, and release it immediately.
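A minimal sketch of the per-user database and "just in time" access points from the list above. This is an added example, not the code of the application described here. The names `DATA_DIR`, `user_db_path`, `user_db`, `add_note` and `list_notes` and the `notes` table are hypothetical, and the Flask wiring is left out: the user id is assumed to come from an already authenticated session.

```python
import hashlib
import sqlite3
import tempfile
from contextlib import contextmanager
from pathlib import Path

# Assumption: one directory holds all per-user database files.
# A temporary directory is used here so the example runs anywhere.
DATA_DIR = Path(tempfile.mkdtemp(prefix="userdbs-"))


def user_db_path(user_id: str) -> Path:
    """Map an authenticated user id to that user's own database file.

    The file name is a SHA-256 digest of the id, so characters such as
    '/' or '..' in the id can never steer the path outside DATA_DIR.
    """
    if not user_id:
        raise ValueError("user id required")
    digest = hashlib.sha256(user_id.encode("utf-8")).hexdigest()
    return DATA_DIR / f"{digest}.sqlite3"


@contextmanager
def user_db(user_id: str):
    """Open the user's database just in time and close it right after use."""
    conn = sqlite3.connect(user_db_path(user_id))
    try:
        conn.execute("CREATE TABLE IF NOT EXISTS notes (body TEXT NOT NULL)")
        yield conn
        conn.commit()
    except Exception:
        conn.rollback()
        raise
    finally:
        conn.close()  # nothing is held open between requests


def add_note(user_id: str, body: str) -> None:
    with user_db(user_id) as conn:
        # Parameterised query: the body is data, never SQL text.
        conn.execute("INSERT INTO notes (body) VALUES (?)", (body,))


def list_notes(user_id: str) -> list[str]:
    # The only reachable data is in the caller's own file; there is no
    # query that spans users because there is no shared database.
    with user_db(user_id) as conn:
        return [row[0] for row in conn.execute("SELECT body FROM notes")]
```
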

In production, the app will use a secure-by-default strategy, with the Caddy server sitting in front of our actual Python server and serving certificates to your browser from the most popular, and trusted, certificate provider, Let's Encrypt. The certificates are rotated every 60 days, so there is a reduced chance of spoofing continuing for longer than is needed.

In the hosted dev deployment, we use an approach called "ssh tunneling" that allows us to host our application without it being exposed to the internet at all. The server we run on initiates a connection to the internet, and traffic is then routed from there. We use Cloudflare, the most trusted provider for internet security, for our security.

In local dev, we use Docker Compose and Caddy to mimic our production setup as far as we can. Caddy allows us to use HTTPS, even for localhost URLs, and hence build the HTML pages with the right security warnings addressed.

I use GitLab CI for building the production image, and Docker Compose for the deployment.

About the Author

The Author, Navneet Karnani, began coding with Java in 1997 and has been a dedicated enthusiast ever since. He strongly believes in the "Keep It Simple and Stupid" principle, incorporating this design philosophy into all the products he has developed.

Navneet works as a freelancer and is available for contracts, mentoring, and advisory roles related to technology and its application in software product development.

Additionally, Navneet serves as a visiting faculty member at FLAME University, teaching the Distributed Systems (CS402) course to the BSc(CS) Hons. batch graduating in 2024.

Driven software engineer (Java since 1997) with a hands-on passion for building impactful tech products. Possesses over 25 years of experience crafting solutions to complex business and technical challenges.
