Hubbry Logo
Web2pyWeb2pyMain
Open search
Web2py
Community hub
Web2py
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Contribute something
Web2py
Web2py
Web2py
View on Wikipedia
from Wikipedia
web2py Enterprise Web Framework
Original authorMassimo Di Pierro
Initial releaseSeptember 27, 2007; 18 years ago (2007-09-27)
Stable release
3.1.1[1] Edit this on Wikidata / 19 December 2025; 49 days ago (19 December 2025)
RepositoryWeb2py Repository
Written inPython
PlatformCross-platform
TypeWeb application framework
LicenseGNU Lesser General Public License version 3 (LGPLv3)
Websitewww.web2py.com

Web2py is an open-source web application framework written in the Python programming language. Web2py allows web developers to program dynamic web content using Python. Web2py is designed to help reduce tedious web development tasks, such as developing web forms from scratch, although a web developer may build a form from scratch if required.[2]

Web2py was originally designed as a teaching tool with emphasis on ease of use and deployment. Therefore, it does not have any project-level configuration files. The design of web2py was inspired by the Ruby on Rails and Django frameworks. Like these frameworks, web2py focuses on rapid development, favors convention over configuration approach and follows a model–view–controller (MVC) architectural pattern.

Overview

[edit]

Web2py is a full-stack framework in that it has built-in components for all major functions, including:

Web2py encourages sound software engineering practices such as

Web2py uses the WSGI protocol, the Python-oriented protocol for communication between web server and web applications. It also provides handlers for CGI and the FastCGI protocols, and it includes the multi-threaded, SSL-enabled Rocket[6] wsgiserver.

Distinctive features

[edit]

Web-based integrated development environment (IDE)

[edit]

All development, debugging, testing, maintenance and remote database administration can (optionally) be performed without third-party tools, via a web interface, itself a web2py application. Internationalization (adding languages and writing translations) can also be performed from this IDE. Each application has an automatically generated database administrative interface, similar to Django. The web IDE also includes web-based testing.

Applications can also be created from the command line or developed with other IDEs.[7] Further debugging options:[8]

  • Wing IDE allows graphical debugging of web2py applications[9] as you interact with it from your web browser, you can inspect and modify variables, make function calls etc.
  • Eclipse/PyDev — Eclipse with the Aptana PyDev plugin — supports web2py as well.[10][11]
  • The extensible pdb debugger is a module of Python's standard library.
  • With the platform-independent open-source Winpdb debugger, one can perform remote debugging[12] over TCP/IP, through encrypted connection.[13]

The Hello World program with web2py in its simplest form (simple web page[14] with no template) looks like: 

def hello():
    return 'Hello World'

Web2py includes pure Python-based template language, with no indentation requirements and a server-side Document Object Model (DOM). The template system works without web2py.[15] Joomla 1.x templates can be converted to web2py layouts.[16]

Web2py also includes two markup libraries: the markdown2 text-to-HTML filter, which converts Markdown markup to HTML on the fly; and markmin which is inspired by markdown but supports tables, html5 video/audio and oembed protocol.

A controller without a view automatically uses a generic view that render the variables returned by the controller, enabling the development of an application's business logic before writing HTML. The "Hello World" example using a default template: 

def hello():
    return dict(greeting='Hello World')

The dict() output of an action is automatically rendered in HTML if the page is request with a .html extension, in JSON if the page is requested with a .json extension, in XML if requested with .xml. It supports other protocols including jsonp, rss, ics, google maps, etc. and is extensible.

Here is a more complex code example which defines a table, and exposes a grid to logged in users: 

db.define_table('thing',Field('name',notnull=True))

@auth.requires_login()
def hello():
    return dict(grid = SQLFORM.grid(db.thing))

Ticketing system

[edit]

Each web2py application comes with a ticketing system:

  • If an error occurs, it is logged and a ticket is issued to the user. That allows error tracking.
  • Errors and source code are accessible only to the administrator, who can search and retrieve errors by date or client-IP. No error can result in code being exposed to the users.

Portable cron

[edit]

Cron is a mechanism for creating and running recurrent tasks in background. It looks for an application-specific crontab file which is in standard crontab format. Three modes of operation are available:

  • Soft cron: cron routines are checked after web page content has been served, does not guarantee execution precision. For unprivileged Apache CGI/WSGI installs.
  • Hard cron: a cron thread gets started on web2py startup. For Windows and Rocket/standalone web2py installs.
  • System cron: cron functions get force-called from the command line, usually from the system crontab. For Unix/Linux systems and places where the cron triggers need to be executed even if web2py is not running at the moment; also good for CGI/WSGI installs if you have access to the system crontab.

Scheduler

[edit]

Since version 2.3 the use of cron is discouraged since web2py comes with a master/worker scheduler. Jobs can be defined in models and are scheduled by creating an entry in the database. Users can start work processes who pickup and execute tasks in background. The schedule is better than cron because it allows to specify more parameters (start time, stop time, number of repetitions, number of trials in case of error) and do a better job at running within constant resource utilization.

Bytecode distribution

[edit]

Web2py can compile web applications for distribution in bytecode compiled form, without source code. Unlike frameworks that use specialized template languages for their views, Web2py can also compile the view code into bytecode, since it is pure Python code.

Global Environment

[edit]

Web2py is unique in the world of Python web frameworks because models and controllers are executed, not imported. They are not modules. They are executed in a single global environment which is initialized at each HTTP request. This design decision has pros and cons.

The major pro is the ease of development, specifically for rapid prototyping. Another pro is that all the objects defined within this environment are cleanly reset at each HTTP request and never shared across requests. This means the developer does not need to worry about changing the state of an object (for example the readable attribute of a database field) or worry about a change leaking to other concurrent requests or other applications. A third advantage is that web2py allows the coexistence of multiple applications under the same instance without conflicts even if they use different versions of the same modules or different modules with the same name.

The main disadvantage of the global environment is that model files and controller files are not modules and the order of execution matters (although it can be specified using conditional models). Naming conflict is more likely to occur than in normal Python modules. Some standard Python development tools may not understand objects defined in models and controllers. Moreover, developers must be aware that code in models is executed at every request and this may cause a performance penalty. Nothing in web2py prevents developers from using and importing normal Python modules (model-less approach) and for this purpose web2py provides a thread local object (current) to facilitate access to objects associated to the current request. Yet, in this case, the developer has to be aware of the same pitfalls that other frameworks incur: changing the state of an object defined in a module may affect other concurrent requests.

Another con is that, because models and controllers are not class-based, efficient code reuse becomes more difficult, particularly as the inability to inherit from a parent controller (e.g. the ApplicationController in Ruby on Rails) means that common controller functionality must be referenced repeatedly across all controller files.

Supported environments

[edit]

Operating systems, Python versions & implementations, virtual machines, hardware

[edit]

web2py runs on Windows, Windows CE phones, Mac, Unix/Linux, Google App Engine, Amazon EC2, and almost any web hosting via Python 2.7/3.5/3.6/pypy.[2]

The current binary version of web2py (for Windows or Mac) includes Python 2.7, but the source version can be run on 2.7 and 3.5+. Support for Python 2.6 has been dropped on 2017.

web2py since v1.64.0 runs unmodified on Java with Jython 2.5, without any known limitation.[17]

web2py code can run with IronPython on .NET.[18] Limitations:

  • no csv module (so no database I/O);
  • no third party database drivers (not even SQLite, so no databases at all);
  • no built-in web server (unless you cripple it by removing signals and logging).

The web2py binary will[19] run from a USB drive or a portable hard drive without dependencies, like Portable Python.

Web servers

[edit]

Web2py can service requests via HTTP and HTTPS with its built-in Rocket server,[20] with Apache,[21] Lighttpd,[22] Cherokee,[23] Hiawatha, Nginx and almost any other web server through CGI, FastCGI, WSGI, mod_proxy,[24][25][26] and/or mod_python.

IDEs and debuggers

[edit]

While a number of web2py developers use text editors such as Vim, Emacs or TextMate Web2py also has a built-in web-based IDE. Others prefer more specialized tools providing debugging, refactoring, etc.

Database handling

[edit]

The database abstraction layer (DAL) of web2py dynamically and transparently generates SQL queries and runs on multiple compatible database backend without the need for database-specific SQL commands (though SQL commands can be issued explicitly).

SQLite is included in Python and is the default web2py database. A connection string change allows connection to Firebird, IBM Db2, Informix, Ingres, Microsoft SQL Server, MySQL, Oracle, PostgreSQL, and Google App Engine (GAE) with some caveats. Specialities:

  • Multiple database connections.
  • Automatic table creates and alters.
  • Automatic transactions.
  • Distributed transactions:
    • Since web2py v1.17 with PostgreSQL v8.2 and later,[29][30] because it provides API for two-phase commits.
    • Since web2py v1.70.1 with Firebird and MySQL (experimental).
  • GAE is not a relational store, but web2py emulates certain operations.

The DAL is fast, at least comparable with SQLAlchemy and Storm.[31]

Web2py implements a DAL, not an ORM. An ORM maps database tables into classes representing logical abstractions from the database layer (e.g., a User class or a PurchaseOrder class), and maps records into instances of those classes. The DAL instead maps database tables and records into instances of classes representing sets and records instead of higher-level abstractions. It has very similar syntax to an ORM but it is faster, and can map almost any SQL expressions into DAL expressions. The DAL can be used independently of the rest of web2py.[32]

Here are some examples of DAL syntax: 

db = DAL("postgresql://user:pass@localhost/db", pool_size=10)
db.define_table("person", Field("name"), Field("image", "upload"))
db.person.insert(name="Martin", image=open("filename.png"))
rows = db((db.person.name == "Martin") | db.person.name.contains("T")).select(
    orderby=db.person.name.lower()
)

The latest version of the DAL has support for 2D GIS functions with Spatialite and PostGIS. The current API are experimental because of a possible move to 3D APIs.

Automatic database migrations

[edit]

web2py supports database migrations—change the definition of a table and web2py ALTERs the table accordingly. Migrations are automatic, but can be disabled for any table, and migration is typically disabled when an application is ready for live distribution. Migrations and migration attempts are logged, documenting the changes.

Limitations:

  • SQLite cannot alter table and change a column type, but rather simply stores new values according to the new type.
  • GAE has no concept of alter-table, so migrations are limited.

Licenses

[edit]

Web2py code is released under GNU Lesser General Public License (LGPL) version 3 as of web2py version 1.91.1.[33]

Web2py code before version 1.91.1 was released under GNU GPL v2.0 with commercial exception.

Various third-party packages distributed with web2py have their own licenses, generally public domain, MIT or BSD-type licenses. Applications built with web2py are not covered by the LGPL license.

Web2py is copyrighted by Massimo DiPierro. The web2py trademark is owned by Massimo DiPierro.

Awards

[edit]

In 2011 InfoWorld ranked web2py highest among the top six Python web frameworks, awarded web2py the Bossie award 2011 for best open source application development software. In 2012 web2py won the InfoWorld Technology of the Year award.[34][35]

Publications

[edit]

web2py Book

[edit]

The base web2py documentation is The Official web2py Book, by Massimo DiPierro. The manual is a full web2py application and it's freely available online,[36] in PDF format or printed form.

  • 1st Edition: out of print. Wiley; September 16, 2008; 256 pages; ISBN 978-0-470-43232-7.
  • 2nd Edition: web2py Manual. Wiley; August 26, 2009; 341 pages; ISBN 978-0-470-59235-9.
  • 3rd Edition: Lulu; September 25, 2010 357 pages.
  • 4th Edition: Lulu; December 9, 2011 583 pages.
  • 5th Edition: PDF Copy; March 3, 2013 614 pages; ISBN 978-0-578-12021-8.
  • latest online sources: on GitHub[37]

Online documentation

[edit]

Online documentation is linked from the web2py home page, with cookbook, videos, interactive examples, interactive API reference, epydoc s (complete library reference), FAQ, cheat sheet, online tools etc.

  • Cheat sheet for web2py.
  • web2pyslices, recipes posted using the movuca social network in web2py.
  • Crash Course in Web2py (5-part series).
  • Web2py slides (old).

Videos

[edit]
  • web2py Enterprise Web Framework Tutorial.
  • web2py "Shootout" video tutorial.
  • web2py on the Google appengine.
  • web2py: Create, edit, and deploy a basic web app.

Printed

[edit]
  • "web2py application development cookbook", Packt, 2012
  • Web programming with web2py; Python Magazine; Marco Tabini & Associates, Inc.; June 2008

Background

[edit]

Developers

[edit]

The lead developer of web2py is Massimo DiPierro, an associate professor of Computer Science at DePaul University in Chicago. As of 2011, the web2py homepage lists over 70 "main contributors".[38]

Development source code

[edit]

The web2py development source code is available from the main repository:

Third-party software included in web2py

[edit]

History and naming

[edit]

The source code for the first public version of web2py was released under GNU GPL v2.0 on 2007-09-27 by Massimo DiPierro as the Enterprise Web Framework (EWF). The name was changed twice due to name conflicts: EWF v1.7 was followed by Gluon v1.0, and Gluon v1.15 was followed by web2py v1.16. The license was changed to LGPLv3 as of web2py version 1.91.1 on 2010-12-21.

Applications built on Web2py

[edit]

Notes

[edit]
[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Web2py

View on Grokipedia
from Grokipedia
web2py is a free, open-source, full-stack web framework designed for the agile development of secure, database-driven web applications, written and programmable in the Python programming language. It follows the model-view-controller (MVC) architectural pattern and includes a database abstraction layer (DAL) that supports multiple relational databases such as SQLite, PostgreSQL, MySQL, SQL Server, Oracle, and IBM DB2. Key features include built-in security mechanisms for input validation and output escaping to prevent common web vulnerabilities like SQL injection and cross-site scripting, a web-based administrative interface for application management without requiring server-side file access, and no need for installation or configuration files, allowing it to run out-of-the-box on any operating system supporting Python. The framework's core libraries are lightweight, totaling approximately 1.4 MB, and it provides backward compatibility guarantees for applications developed since its inception. Developed by physicist and computer scientist Massimo Di Pierro, web2py was first released in October 2007 as a tool initially intended for teaching concepts in Python. It has since evolved into a production-ready framework licensed under the Lesser General Public License (LGPL) version 3, enabling both open-source and commercial use. Originally compatible with Python 2.7, later versions added support for Python 3.5 and higher; as of 2024, it supports Python 3.9 and later, with Python 2 discontinued. The framework emphasizes the paradigm by facilitating , multi-site hosting within a single instance, and integration with browser-based tools for editing, deploying, and debugging applications. web2py receives limited maintenance, with the current stable version being 3.0.12 as of September 6, 2025, though it is not recommended for new projects. It serves as the foundation for py4web, its successor focused on Python 3 exclusivity and enhanced performance. Its design prioritizes developer productivity and , making it suitable for building everything from simple prototypes to complex enterprise applications, and it includes utilities like a ticketing for error tracking and support for RESTful APIs.

Introduction

Overview

web2py is a free, open-source full-stack written in Python, designed for the agile development of secure, database-driven web applications. It emphasizes and deployment, enabling developers to build dynamic web content without extensive setup. Initially released in October 2007, web2py follows a Model-View-Controller (MVC) architecture to streamline the creation of scalable applications. Adopting a "batteries included" , web2py provides essential tools out of the box, including a built-in multi-threaded WSGI for handling HTTP requests, support for multiple SQL databases such as , , and , and a web-based (IDE) for editing code, managing databases, and deploying applications directly through a browser. Core components like the () offer ORM-like functionality for database interactions, while built-in CRUD scaffolding allows quick generation of forms and interfaces for . The framework's design prioritizes ease of use with no installation or configuration files required, security by default through automatic input validation, output escaping to prevent (XSS) and injection attacks, and (CSRF) protection, alongside scalability via support for multiple applications per instance and background task execution. It ensures portability across platforms, running on and interpreters for Python 2.7 and 3.5+, as well as operating systems like Windows, macOS, , and cloud environments such as and Amazon EC2.

Current Status

As of November 2025, the latest stable release of web2py is version 3.0.12, timestamped September 6, 2025, which includes minor updates focused on stability and compatibility enhancements. This version maintains the framework's core architecture while addressing lingering issues from prior iterations. Web2py receives ongoing limited support, primarily through bug fixes, but it is officially not recommended for new developments due to its aging design and lack of modern features like asynchronous processing. The successor framework, py4web, has been introduced as a more efficient alternative optimized for Python 3.x projects, with easier porting options for existing web2py applications. No full end-of-life has been announced, though migration to py4web is emphasized for better integration with contemporary Python ecosystems, including async capabilities. Regarding Python compatibility, version 2.27.1 is the last to provide full support for Python 2.7. As of version 3.0.12, web2py supports Python 3.9 and later, with support for earlier Python 3 versions and Python 2 discontinued. The community remains active via the repository (web2py/web2py), where bug fixes continue, though commit frequency has been low since 2020 with sporadic updates tied to releases. User groups and forums, including the py4web Google Group, provide legacy support and migration guidance.

History

Origins and Development

web2py was created by Massimo Di Pierro, a with a PhD in high energy physics from the and a full professor in the School of Computing at in . Di Pierro developed the framework starting in 2007 as a personal project to address challenges in teaching server-side and supporting research needs in academic and scientific settings, aiming to make building secure, database-driven web applications as straightforward as developing desktop software for non-experts. The initial version 1.0, released in October 2007, introduced core elements such as the web-based administrative interface, reflecting Di Pierro's emphasis on zero-configuration deployment and for collaborative scientific and communication over the . This release was licensed under GPL2 with a commercial exception, establishing an open-source model that encouraged adoption in educational and research environments, including U.S. Department of Energy projects. web2py drew on Python's simplicity and principles like DRY (Don't Repeat Yourself), while incorporating concepts for interactive applications; it also borrowed ideas from , such as convention-over-configuration and for quick app generation, but adapted them into a Pythonic (DAL) to ensure database neutrality without . The source code is hosted on GitHub under the repository web2py/web2py, following a migration from the original Mercurial repository on Google Code around 2012, operating as a free and open-source full-stack framework programmable in Python. Development follows a Git-based workflow where contributors fork the repository, work on feature or issue branches, and submit pull requests; a key practice involves rebasing to rewrite commit history, collapsing multiple commits into cleaner ones for stable releases and maintaining a tidy master branch separate from the development trunk. This process supports backward compatibility from the earliest versions and facilitates community contributions while preserving the framework's focus on security and ease for scientific and educational use.

Naming and Milestones

The name "web2py" reflects the paradigm, in which the web functions as the central platform for computing and development, underscoring the framework's emphasis on simplicity and accessibility for Python-based web applications. web2py's development began with its initial public release in October 2007 by physicist and software developer Massimo Di Pierro, initially as a teaching tool for server-side web programming. An early pivotal event was the integration of core libraries starting in version 1.28, enhancing client-side interactivity without requiring external dependencies. Compatibility with was added in version 1.30, facilitating widespread adoption for cloud-deployed applications around 2010. The framework reached peak popularity between 2011 and 2012, highlighted by the 2011 Bossie Award for best open-source development software and the 2012 InfoWorld Technology of the Year award, which recognized its maturity in rapid, secure . In version 1.91.1, the shifted from GPLv2 with a commercial exception to LGPLv3, broadening its commercial usability. Version evolution progressed from the 1.x series, which provided basic scaffolding for database-driven apps, to the 2.x series introducing experimental Python 3 support in 2.15.1 and modularization of the into pyDAL in 2.10.1. The 3.x series, starting around 2024, focused on stabilization with full support for Python 3.9+ and no for Python 2.7. By 2020, development shifted toward maintenance mode, with the last release in March of that year, though official updates continued, culminating in version 3.0.12 in September 2025. In parallel, concepts for py4web—a lighter, faster successor framework sharing pyDAL and templates—emerged around 2018, with its first public releases in 2020.

Core Features

Web-based Integrated Development Environment

web2py features a built-in web-based (IDE) known as the admin interface, which allows developers to create, edit, upload, and manage applications entirely through a web browser without requiring any external tools or installations. This interface serves as a central hub for full-cycle application development, including browsing and editing files such as models, views, and controllers via an integrated . It also provides access to an error ticket viewer, where developers can inspect and resolve runtime errors and exceptions generated during application execution. Unique to web2py, the IDE supports advanced editing capabilities like for Python directly in the browser, enhancing quality and efficiency without needing desktop IDEs. Additionally, it includes an interactive shell for each application, enabling real-time testing of snippets and within the web environment. One-click deployment options allow instant packaging, bytecode compilation, and distribution of applications from the interface. The workflow in the admin IDE begins with new applications from built-in templates, such as the "" application, which provides a starting point for . It integrates seamlessly with the (DAL) for quick editing of database models and migrations directly in the browser. This browser-centric approach ensures portability, as developers can access and work on applications from any device with connectivity and a compatible browser. Key advantages of this IDE include zero setup time, as web2py requires no configuration files or pre-installed dependencies, allowing immediate development upon unpacking the framework. The interface seamlessly integrates with the built-in ticketing system for error handling, streamlining debugging in team environments. Overall, these features reduce barriers to entry and promote agile development practices.

Database Abstraction Layer and Migrations

The web2py Database Abstraction Layer (DAL) serves as an object-relational mapper that abstracts database-specific SQL differences, allowing developers to interact with databases using Pythonic syntax without writing raw SQL. It maps Python objects to database entities such as tables, fields, records, and queries, dynamically generating SQL statements in real time based on the backend . This abstraction enables seamless portability, as the same code runs unchanged across supported databases, with the DAL handling vendor-specific variations internally. Unlike external ORMs such as SQLAlchemy, the DAL is natively integrated into web2py and requires no additional dependencies for core functionality. Schema definition in the DAL uses a declarative Python syntax, where tables are created via the define_table method on a DAL instance, specifying fields with the Field class. For example, a basic table might be defined as follows:

db = DAL("sqlite://storage.sqlite") db.define_table('person', Field('name', 'string'), Field('email', 'string', unique=True))

db = DAL("sqlite://storage.sqlite") db.define_table('person', Field('name', 'string'), Field('email', 'string', unique=True))

This creates a table named person with name and email fields, automatically inferring primary keys (typically an id field of type integer) unless specified otherwise. Field types include string, integer, text, reference for foreign keys, list:string for arrays, and specialized types like upload for file handling or geoPoint for spatial data. The DAL supports additional options such as default values, requires validators (e.g., IS_EMAIL for email fields), and format for custom record representations. Tables can be dropped, truncated, or imported from CSV files using built-in methods like db.table.drop() or db.table.import_from_csv_file(filename). The natively supports a wide range of relational databases through dedicated adapters, including , , , (MSSQL), , , Firebird, Informix, and Sybase. Some distributions of web2py include drivers for and out of the box, while others like require external installations such as psycopg2. Connections are established via URI strings, for example, DAL("postgres://user:pass@localhost/dbname") or DAL("mssql://user:pass@host/db"), allowing multiple DAL instances for the same or different databases within an application. This broad compatibility ensures that applications can switch backends with minimal code changes, as the DAL translates operations into dialect-appropriate SQL. Automatic migrations in the DAL enable on-the-fly schema evolution without manual intervention, detecting differences between the defined model and the existing database structure upon application startup. By default, the migrate parameter in DAL or define_table is set to True, prompting the DAL to generate and execute ALTER statements for additions, modifications, or deletions of tables and fields while preserving data integrity. For instance, adding a new field to an existing table triggers an automatic ALTER TABLE command. Migrations are versioned and tracked in per-table files (e.g., person.table) stored in the application's databases folder, named based on an MD5 hash of the connection string to ensure consistency across environments. These files contain schema metadata, allowing the DAL to compare versions and apply changes idempotently. To avoid downtime in production, developers can use fake_migrate=True in the DAL constructor, which rebuilds metadata without altering the database, or disable migrations entirely with migrate=False for static schemas. Rollbacks for schema changes are manual, involving restoration of previous migration files or use of transaction-level db.rollback() for uncommitted data operations. The DAL integrates input sanitization during migrations and queries to prevent SQL injection, though broader security mechanisms are handled elsewhere. CRUD operations are facilitated through intuitive DAL methods that build on the abstracted query language, supporting complex queries with joins, ordering, and filtering. For creation, db.table.insert(**kwargs) adds records, returning the new ID; updates use db(query).update(**kwargs); deletions employ db(query).delete(); and reads leverage db(query).select(fields, **options). A representative query with join and orderby might look like:

rows = db((db.person.id == db.address.person_id) & (db.person.name == 'Alice')).select( db.person.ALL, db.address.city, orderby=db.person.name | db.address.city )

rows = db((db.person.id == db.address.person_id) & (db.person.name == 'Alice')).select( db.person.ALL, db.address.city, orderby=db.person.name | db.address.city )

This fetches joined records from person and address tables, ordered by name and city. For form generation and validation, the DAL provides helpers like db.table.field.validate(value), which checks against field constraints and returns errors, enabling automatic CRUD form creation via SQLFORM helpers that sanitize inputs. The query syntax uses logical operators (==, & for AND, | for OR) and supports pagination with limitby=(start, count), ensuring efficient handling of large datasets across backends. Overall, these operations maintain portability by generating backend-specific SQL, such as converting Python lists to JSON arrays in PostgreSQL or array fields in MySQL.

Security and Validation Mechanisms

web2py adopts a "secure by default" philosophy, embedding protections against common web vulnerabilities directly into its core framework to minimize developer errors and proactively address issues outlined in the Top 10. This approach ensures that applications are hardened from the outset, requiring explicit opt-outs for any relaxation of security measures. For instance, the framework automatically escapes all variables rendered in , XML, and views to prevent (XSS) attacks, treating output as untrusted by default. Similarly, (CSRF) is mitigated through the generation of one-time random tokens for each form submission, combined with unique identifiers for session cookies to block unauthorized actions and double submissions. The (DAL) further bolsters security by parameterizing queries and escaping data, effectively eliminating risks without manual intervention. Complementing this, web2py's validation system enforces field-level checks on forms and inputs using built-in validators such as IS_EMAIL for formats, IS_INT_IN_RANGE for numeric bounds, and custom functions for complex rules, ensuring data integrity and rejecting malformed submissions before processing. The authentication and authorization system, powered by the Auth class, implements (RBAC) through predefined tables like auth_user, auth_group, and auth_permission, allowing granular CRUD (create, read, update, delete) permissions tied to user roles or groups. Developers can enforce these via decorators like @auth.requires_login() or @auth.requires_permission('read', 'table'), with support for and integration with external providers such as LDAP or . Session management in web2py prioritizes by storing sessions server-side by default (configurable to file, database, or memcache), using encrypted with UUIDs to prevent hijacking and tampering, particularly for non-localhost deployments. Brute-force login attempts are countered through built-in and account lockouts in the Auth system. Additional safeguards include integration, such as , for high-risk forms to deter automated abuse, and secure file upload handling that renames files with random UUIDs to avoid directory traversal exploits. Passwords are hashed using robust algorithms like +SHA-512, and enforcement is straightforward via configuration flags. These mechanisms collectively reduce the , making web2py suitable for rapid development of secure applications.

Task Scheduling and Automation

web2py incorporates a ticketing system to manage runtime errors effectively, generating a unique ticket identifier for each exception encountered during application execution. This system logs comprehensive details, including stack traces, request variables, session state, and environment specifics such as the operating system and Python version, ensuring administrators have full context without exposing sensitive information to end users. The tickets are stored in the application's error log and can be accessed through the web-based administrative interface for , code inspection, and applying fixes directly within the . For recurring task automation, web2py provides a portable cron scheduler that emulates cron functionality across operating systems, including Windows, without requiring native system cron setup. Tasks are defined in the application's cron/crontab file using standard five-field syntax, such as 0 0 * * * to run daily at midnight, followed by a controller function reference like mycontroller/myfunction. This scheduler executes in background threads or dedicated processes, initiated via command-line options like python web2py.py -Y for soft cron mode in WSGI environments or -C for immediate cron execution, preventing interference with web request handling. The task scheduler in web2py extends cron capabilities through the gluon.scheduler module, enabling queued background jobs via worker processes that poll a central database for tasks. Developers queue tasks programmatically using methods like scheduler.queue_task('task_function', pvars={'arg': 'value'}, timeout=60), which supports repeats, priorities, and status tracking in tables such as scheduler_task and scheduler_run. This handles long-running operations asynchronously, avoiding blocking of the main web server, and stores task states in the database by default, though integrations with Redis can be implemented for distributed queuing in multi-server setups. The exec_cron mechanism complements this by running Python scripts in the web2py environment as prefixed entries in the crontab, such as *script.py, ensuring consistent execution context. Shared state across applications and tasks is facilitated by the global environment in the gluon package, accessible via current.globalenv, which serves as a centralized for variables, configurations, and objects persistent beyond individual requests. This allows scheduled tasks to reference app-wide settings or inter-app data without database queries, enhancing efficiency in workflows. These features offer key benefits, including portability that eliminates OS-specific configurations and the ability to enable notifications for error tickets through administrative setup, alerting developers to issues promptly. By decoupling long-running jobs from the web interface, web2py ensures scalable, non-blocking operations suitable for production environments.

Technical Specifications

Supported Environments

web2py is a cross-platform framework that supports Windows, macOS, , and other systems such as BSD. Binary distributions are provided for Windows and macOS, which include an embedded Python interpreter, while the source code version is compatible with any operating system that supports Python. There is no native support for mobile operating systems. The framework fully supports versions 3.9 and later, with earlier versions such as Python 2.7 and 3.5–3.8 deprecated or no longer maintained as of 2024. It also runs on alternative Python implementations including for performance optimization and for integration, though these may have limitations compared to . IronPython support is experimental and not officially recommended for production use. web2py operates in various virtualized and cloud environments, including virtual machines like and , as well as cloud platforms such as Amazon EC2, Google App Engine, Heroku, and PythonAnywhere. It supports containerization with Docker through community-maintained images and has low resource requirements, enabling deployment on embedded hardware like the . For web serving, web2py includes a built-in WSGI server suitable for development and production, supporting SSL and IPv6. In production setups, it integrates with servers like via mod_wsgi or mod_proxy, via uWSGI, Lighttpd and via , and others through CGI, SCGI, or the versatile anyserver.py script for options including , , and Gevent. Load balancing can be achieved by running multiple instances behind a proxy.

Deployment and Distribution Options

Web2py applications can be packaged for distribution using .w2p files, which are created through the administrative interface by first bytecode-compiling the application and then packing it into a single zipped archive containing the compiled models, controllers, views, and static assets. This bytecode compilation process converts the Python source code into an intermediate form that obfuscates the original source, providing a level of intellectual property protection by making reverse-engineering more difficult while maintaining compatibility with the web2py runtime. The resulting .w2p file allows for easy distribution of the application as a self-contained unit, though deployment still requires an existing web2py installation on the target server, which in turn depends on a compatible Python environment. One-click deployment options simplify the rollout process, particularly through integrations like , where applications can be uploaded directly from the web-based IDE. The IDE supports additional upload methods such as FTP and SCP for transferring applications to remote servers, and once deployed, the administrative interface enables remote management, including updates and configuration adjustments without direct server access. In production environments, web2py supports horizontal scaling by deploying multiple frontend instances behind a load balancer, such as , to distribute traffic across servers. Session data can be managed via session farming, where sessions are stored in a shared database accessible by all instances, ensuring state consistency without relying on sticky sessions. Static files can be offloaded to content delivery networks (CDNs) for improved performance and reduced server load, with web2py's configuration allowing seamless integration. Web2py's LGPLv3 license permits the development and deployment of proprietary applications without runtime fees, as long as any modifications to the core framework are released under the same license. Third-party components bundled with web2py, such as , are governed by their own permissive licenses like MIT, which do not impose additional restrictions on proprietary use. For data portability during deployments or migrations, web2py provides built-in tools like db.export_to_csv for exporting database contents to CSV files and db.import_from_csv_file for importing them, facilitating seamless transfers between environments.

Development and Resources

Included Tools and Third-party Integrations

web2py includes several built-in tools designed to facilitate development and runtime management. The interactive shell, accessible via the gluon.shell module, allows developers to perform runtime inspection and execute within a web2py application's environment, enabling tasks such as testing models or controllers interactively. For performance analysis, web2py provides a built-in profiler that can be activated via command-line options like -p or --profiler, generating output files analyzable with tools such as RunSnakeRun to identify bottlenecks in application execution. Additionally, the framework integrates Python's standard module through a configurable logger, supporting levels such as DEBUG, INFO, WARNING, , and CRITICAL, with a sample provided in the examples directory for application-specific logging. Debugging capabilities in web2py emphasize accessibility and integration. Upon encountering non-HTTP exceptions, the framework generates web-based error pages displaying detailed stack traces, variable states (including , and session objects), and the content of the offending file, all tied to a unique ticket number for easy reference and logging. This ticketing system stores error details for administrators while providing users with a concise report, facilitating quick diagnosis without external tools. For deeper inspection, web2py supports integration with Python's pdb debugger through the gluon.debug module, allowing breakpoints via import pdb; pdb.set_trace() in code, which can be invoked during request handling for step-by-step execution. web2py bundles select third-party libraries under the or compatible terms to extend core functionality without external dependencies. It includes for client-side AJAX interactions and DOM manipulation, embedded in the default layout via web2py_ajax.html to support dynamic form handling and effects. A parser is provided through gluon.contrib.markdown, enabling conversion of Markdown-formatted text to for content rendering in views or wiki-like interfaces. For caching and queuing, web2py supports integration via the cache.redis , allowing developers to configure servers for distributed caching as an alternative to in-memory or disk-based options, with methods to retrieve statistics on key usage and performance. The framework's web-based administrative interface includes extensibility features for customization. Plugin support enables the addition of themes to alter the admin UI's appearance and layout, while components allow modular page sections that can incorporate custom helpers for tasks like form validation or data visualization. The admin interface supports installation of applications from external sources, streamlining deployment workflows without leaving the browser interface. For advanced task queuing beyond the built-in scheduler, web2py's plugin architecture and API support extensions for distributed task queues, configurable with backends like Redis.

Publications and Documentation

The primary official publication for web2py is the "web2py Complete Reference Manual" authored by Massimo Di Pierro, with the 6th edition available in pre-release form online, providing comprehensive coverage from foundational concepts like installation and the web-based IDE to advanced topics such as the (), security features, and deployment options. This manual serves as the definitive reference, including detailed documentation for core components like DAL methods, HTML helpers, and built-in modules, and it is structured for both beginners and experienced developers with interactive code examples embedded throughout. Complementing the manual, web2py's online is freely accessible in and PDF formats at web2py.com/book, featuring interactive examples that allow users to run and modify code directly in a browser-based environment. Legacy API references are hosted on Read the Docs, though they are not actively maintained. For modern development, resources for py4web—the successor framework—are available at py4web.com, including updated and migration guides. For visual learning, official video resources include tutorials and talks by Massimo Di Pierro on YouTube, such as his PyCon Argentina 2012 presentation "Web Development Should be Easy," which demonstrates rapid application prototyping, and a PyCon US 2011 tutorial on web2py's internal design and file organization. Demo screencasts for the IDE and scaffolding features are also available on Vimeo, illustrating practical workflows like database migrations and UI generation. Printed resources include the self-published "web2py Complete Reference Manual," available for purchase in physical format through the official site or Lulu, offering a tangible version of the online edition. Another key printed work is the "web2py Application Development Cookbook" published by Packt Publishing in 2012, which provides practical recipes for common tasks like authentication, AJAX integration, and RESTful services, with code examples that can be adapted across chapters. Further support comes from community-maintained resources, including a and discussion forums hosted at web2py.com for troubleshooting and sharing extensions, as well as migration guides to py4web—the framework's successor—detailing porting strategies for models, controllers, and views while highlighting differences.

Recognition and Legacy

Awards and Achievements

In 2011, web2py received the Bossie Award for the best development tool from InfoWorld, recognizing its ability to simplify the creation of secure web applications through an integrated full-stack approach. The framework was praised for streamlining development tasks, including database management and deployment, making it accessible for both novices and experienced developers. The following year, in , web2py earned InfoWorld's Technology of the Year award in the category of innovative full-stack frameworks, highlighting its emphasis on built-in features, ease of use, and capabilities. This accolade underscored web2py's contributions to reducing common pitfalls, such as vulnerabilities, via automatic validation and escaping mechanisms. Key innovations in web2py include its fully web-based (IDE), introduced in the initial 2007 release, which allowed , , and deployment entirely through a browser without requiring local installations. Additionally, web2py featured a portable cron-like task scheduler for background jobs, enabling cross-platform automation of repetitive tasks. Web2py's (DAL) represented a significant contribution to the Python web ecosystem, providing a syntax-driven API for database interactions that prioritizes portability across multiple backends like , , and . The framework also saw notable adoption in education, with creator Massimo Di Pierro incorporating it into university-level web development courses at to teach secure application building. By 2012, web2py had achieved substantial popularity, with reports indicating tens of thousands of downloads and widespread use in production environments. As of 2025, it remains active in legacy projects, powering 658 live websites globally despite shifts in the broader .

Notable Applications and Community Impact

web2py includes several built-in example applications that demonstrate its capabilities for rapid development, such as the AjaxSpreadsheet for interactive data manipulation, the AppointmentManager for scheduling systems, the ArXivInterface for integrating with academic databases, and the CeleryIntegrationExample for task queuing with distributed processing. These appliances are ready-to-deploy and serve as templates for common use cases like small sites (e.g., shopping cart implementations) and tools. In real-world applications, web2py has been employed in academic and research environments, including the development of CyNote, an electronic laboratory notebook system compliant with 21 CFR Part 11 regulations for secure record-keeping in scientific workflows. It has also powered data-driven web applications in academic libraries, such as portals for managing microcontent and educational resources, leveraging its for ease of integration. Deployments on have enabled scalable applications, particularly for startups and small teams building complex web apps in the 2010s, with community-contributed integrations like supporting background tasks. The web2py community has fostered ongoing development through forums like the web2py-users Group and discussions on , where developers share experiences with production systems and integrations. Its emphasis on secure, beginner-friendly patterns has influenced Python web education, with adoption in university courses across the , , and to teach agile development of database-driven applications. As of 2025, web2py powers 658 live websites globally, maintaining a legacy in production environments despite transitions. Many users have migrated legacy web2py applications to its successor py4web for modern Python 3 compatibility, with straightforward porting of models and controllers, while some teams have shifted to Django for broader ecosystem support. This evolution underscores web2py's role in prototyping secure apps, particularly for educational portals and research tools that persist in legacy systems.

References

  1. https://web2py.com/books/default/chapter/29/01/introduction
  2. https://www.web2py.com/book
  3. https://github.com/web2py/web2py
  4. https://www.web2py.com/
  5. https://py4web.com/
  6. https://mdipierro.github.io/DePaul/
  7. https://mdipierro.github.io/Publications/2011-web2py-for-Scientific-Applications.pdf
  8. https://stackoverflow.com/questions/327101/rails-users-have-you-tried-web2py-pros-cons
  9. https://web2py.com/books/default/chapter/29/15/helping-web2py
  10. https://www.web2py.com/AlterEgo/default/show/80
  11. https://www.web2py.com/init/default/changelog
  12. https://py4web.com/_documentation/static/en/chapter-01.html
  13. https://pypi.org/project/py4web/1.20200517.1/
  14. https://www.web2py.com/init/default/what
  15. https://www.web2py.com/books/default/chapter/29/02/the-python-language
  16. https://web2py.com/books/default/chapter/29/06/the-database-abstraction-layer
  17. https://pydal.readthedocs.io/en/latest/
  18. https://web2py.com/books/default/chapter/29/03/overview
  19. https://www.web2py.com/books/default/chapter/29/01/introduction
  20. https://www.web2py.com/books/default/chapter/29/09/access-control
  21. https://web2py.com/books/default/chapter/29/04/the-core
  22. https://web2py.readthedocs.io/en/latest/scheduler.html
  23. https://web2py.readthedocs.io/en/latest/_modules/gluon/globals.html
  24. https://www.web2py.com/init/default/download
  25. https://www.web2py.com/books/default/chapter/29/04/the-core
  26. https://www.web2py.com/books/default/chapter/29/13/deployment-recipes
  27. https://forums.raspberrypi.com/viewtopic.php?t=25719
  28. https://hub.docker.com/r/acidjunk/web2py
  29. https://www.web2py.com/books/default/chapter/29/14/other-recipes
  30. https://www.web2py.com/books/default/chapter/29/03/overview
  31. https://www.web2py.com/init/default/license
  32. https://web2py.readthedocs.io/en/latest/dal.html
  33. https://www.web2py.com/examples/static/sphinx/gluon/gluon.html#module-gluon.shell
  34. https://web2py.readthedocs.io/en/latest/_modules/gluon/debug.html
  35. https://www.web2py.com/examples/static/sphinx/gluon/gluon.contrib.markdown.html
  36. https://www.web2py.com/books/default/chapter/29/12/components-and-plugins
  37. https://onlinebooks.library.upenn.edu/webbin/book/lookupid?key=olbp88428
  38. https://www.web2py.com/init/default/documentation
  39. https://www.youtube.com/watch?v=iMUX9NdN8YE
  40. https://pyvideo.org/pycon-us-2011/pycon-2011--web2py-secrets-tutorial--1-2.html
  41. http://vimeo.com/album/178500
  42. https://www.packtpub.com/web-development/web2py-application-development-cookbook
  43. https://www.amazon.com/web2py-Application-Development-Cookbook-Martin/dp/1849515468
  44. https://www.web2py.com/init/default/usergroups
  45. https://py4web.com/_documentation/static/en/chapter-15.html
  46. https://www.infoworld.com/article/2184369/picking-the-top-technologies-in-a-wild-year.html
  47. https://trends.builtwith.com/framework/web2py
  48. https://www.web2py.com/appliances
  49. https://richardeng.medium.com/the-zen-of-web2py-ede59769d084
  50. https://arxiv.org/pdf/2302.10381
  51. https://www.emerald.com/insight/content/doi/10.1108/LHT-07-2015-0069/full/html
  52. https://python4dads.wordpress.com/2014/08/13/deploying-web2py-apps-to-google-app-engine-gae/
  53. https://www.reddit.com/r/Python/comments/xynzzu/i_am_wondering_how_many_people_here_are_web2py_or/
  54. https://groups.google.com/g/web2py
Add your contribution
Related Hubs
Contribute something
User Avatar
No comments yet.