Latest Posts (13 found)
miguelgrinberg.com 3 weeks ago

CSRF Protection without Tokens or Hidden Form Fields

A couple of months ago, I received a request from a random Internet user to add CSRF protection to my little web framework Microdot , and I thought it was a fantastic idea. When I set off to do this work in early November I expected I was going to have to deal with anti-CSRF tokens, double-submit cookies and hidden form fields, pretty much the traditional elements that we have used to build a defense against CSRF for years. And I did start along this tedious route. But then I bumped into a new way some people are dealing with CSRF attacks that is way simpler, which I describe below.

security Security
0 views
miguelgrinberg.com 1 months ago

How to Securely Store Secrets in Environment Variables

You may have seen the recent reports of a malware that stole API keys, tokens and other secrets from a large number of developers. Where were these secrets stolen from? You guessed it, they were mostly stolen from environment variables. We use environment variables to configure information that processes need to run, but this type of storage was not designed for security, so using the environment for secrets always comes with risk. Given how serious this recent attack was, I thought it would be good to write a short article describing how I manage my secrets as part of my open source work.

devops DevOps security Security
0 views
miguelgrinberg.com 3 months ago

Python 3.14 Is Here. How Fast Is It?

In November of 2024 I wrote a blog post titled "Is Python Really That Slow?" , in which I tested several versions of Python and noted the steady progress the language has been making in terms of performance. Today is the 8th of October 2025, just a day after the official release of Python 3.14. Let's rerun the benchmarks to find out how fast the new version of Python is!

performance Performance python Python
0 views
miguelgrinberg.com 5 months ago

Benchmarking MicroPython

In the Q&A session following my EuroPython 2025 presentation about the Microdot web framework, a member of the audience asked me what the performance of MicroPython running on a microcontroller is. This took me a bit by surprise, because I really had no way to quantify it, I just knew it was, in vague terms, not great. I never questioned the low performance, because it was never a problem for me. My answer to the question was that microcontrollers cannot replace a computer, and that these devices are only useful for small, focused tasks that are not demanding in any way. But after returning from the conference I kept thinking about this question, which piqued my curiosity. So I decided to build a better mental image of the performance these little machines have. In this blog post I want to share some results that compare Python code running on a few microcontroller boards that I have collected through my experiments with hardware, along with my laptop and a Raspberry Pi 4 to help put things into perspective.

performance Performance python Python hardware Hardware
0 views
miguelgrinberg.com 7 months ago

Why Generative AI Coding Tools and Agents Do Not Work For Me

People keep asking me If I use Generative AI tools for coding and what I think of them, so this is my effort to put my thoughts in writing, so that I can send people here instead of having to repeat myself every time I get the question. From the title you already know that this isn't a pro-AI blog post. But it isn't an anti-AI post either, at least I don't think it is. There are already plenty of articles by AI promoters and AI critics, so I don't feel there is a need for me to write one more of those. While I'm definitely not neutral on the subject, in this article I'm just going to share my personal experience with these tools, from a strictly technical point of view.

programming Programming ai AI
0 views
miguelgrinberg.com 7 months ago

Create a React + Flask Project in 2025

My article on creating a React + Flask project is one of the most visited on this blog. Can you believe that I wrote it over 5 years ago? In this article and video I'm going to share how I'm building this type of project in 2025. The main change I've introduced since I documented my 2020 process is that now I'm using Vite (French word that is pronounced "veet" and means "quick") instead of to scaffold the React application, since the latter isn't maintained anymore.

tutorial Tutorial python Python
0 views
miguelgrinberg.com 10 months ago

Font Ligatures for your Code Editor and Terminal

The other day I shared my code editor window during a video call with a client, and he immediately did a double take. "How did you make your code look like that?", he wanted to know. Have a look at the following screenshot and see if like my client, anything calls your attention: If you are wondering what secret keyboard trick allows you to type , , and other unusual characters, and then how to get Python and other programming languages to accept them then read on, as this is much easier than you think and you can do it too!

programming Programming python Python
0 views
miguelgrinberg.com 10 months ago

A Review of The Quick Python Book, Fourth Edition

I've been given a review copy of The Quick Python Book, Fourth Edition by Naomi Ceder, published by Manning. Since I often get asked for Python book recommendations, I thought it would be a good idea to share a review, in case you are looking for material to sharpen your Python skills.

python Python books Books
0 views
miguelgrinberg.com 11 months ago

Dynamic Forms with Flask

A common need in web applications is to create a form that allows the user to enter a list of items, with the number of items not known in advance. This is a pattern often used when entering user information, specifically for phone numbers or addresses, but has a lot of other uses as well. In the example below you can see how the user dynamically adds more phone numbers to the form by clicking the "Add another" link. Implementing this with Flask is surprisingly tricky, as it requires a combination of back and front end techniques working together. In this article I will show you two possible solutions, a basic one that uses only Flask and a more complete one for the Flask-WTF form handling extension.

tutorial Tutorial python Python web-development Web Development
0 views
miguelgrinberg.com 12 months ago

Encryption at Rest with SQLAlchemy

In this tutorial I'm going to show you how to extend SQLAlchemy so that you can define database columns that are stored encrypted. In the solution I'm going to share, the columns that are designated as encrypted will transparently encrypt and decrypt themselves as data moves to and from the database. For this tutorial I'm going to use SQLAlchemy version 2, the latest and greatest. All the techniques I will present can be adapted to SQLAlchemy 1.x if you need to work with legacy versions. If you are interested in updating your knowledge of SQLAlchemy, I have a SQLAlchemy 2 book that can help.

tutorial Tutorial database Database
0 views
miguelgrinberg.com 1 years ago

Using Free Let's Encrypt SSL Certificates in 2025

In this article I'm going to review the steps you need to take to obtain an A+ SSL security rating for your website, as mine has . This tutorial applies to any hosting solution that uses Nginx as web server or reverse proxy, running on a Debian based distribution of Linux such as Ubuntu . The SSL Certificate provider that I use is Let's Encrypt , which is trusted by all major web browsers and issues certificates for free.

security Security tutorial Tutorial devops DevOps
0 views
miguelgrinberg.com 1 years ago

A Year In Review: Flask in 2024

I'm seeing a stream of "year in review" blog posts about all sorts of topics pop up to coincide with the start of 2025. I'm not sure if this is going to be a new tradition for me, but to follow this trend in this article I'm going to give you my review of the most interesting things that happened in the Flask ecosystem in 2024.

python Python web-development Web Development
0 views