5 Reasons Not to Use the Django Admin

– Hi, Buddy Lindsey here from GoDjango.com.

Today, I wanna talk to you about something that is gonna meet with a lot of resistance with the rest of the Django community. That's the fact that I don't think you should use the Django admin in production. Now, I have two caveats with that. One is if it's only you. If you're creating website, it's kinda toying around website and you're gonna be the only one that ever edits it, then it's probably fine to use the Django admin because you know exactly how the data should be, you know how it all works, and it's probably okay at that point.

But I also feel like if it's gonna lead into a second person editing data, you need to do your own custom admin that's not a custom Django admin, it's a custom admin so that you can display the data the way it should be. I also feel like that you can use the admin if you're doing development or only the developers who are using it in production to do basic data lookup and tweaks, and only developers are gonna use it and not a business person in the company. With those two caveats out of the way, let's take a look at why I don't think the Django admin should be used. I think there's really five reasons the Django admin shouldn't be used in production. The first one, and this is gonna kinda rub a few people the wrong way, is I think at least the laziness in the business, into the business side of the business.

When I say laziness I mean, people say, well there's an admin generated automatically, we can just use that and it'll all be fine. Well, the problem is that really the only ones that understand the data are the developers because they've generated out of the models and they're gonna spend time trying to customize things to get it to work right. And really, if you give it to a non-developer, when they start looking at it, it takes them a while to get trained and it takes them a while to understand it and it kinda can be confusing, very confusing for new users to get in and look at the Django admin and really understand what's going on and navigate around. I work with people all the time that deal with the Django admin and they're constantly looking for stuff. Heck, I'm constantly looking for stuff and having to do Ctrl + F in my browser and search for the model that I wanna use and then edit the piece of information.

Whereas, if I had a better menuing system, a better thing inside of a custom admin, I can get to where I need to go a lot faster because I'm trying to accomplish a specific business task and not modify data to fit the business. That's kinda where I come at from at least the laziness in the business side of doing a website. The number two reason that I think it's bad to use the Django admin in production is that it leads to more errors in your data. What do I mean by that? Think about it, you have a lot of data in there and you have to spend time, you have to customize. I want this type of data to go in here.

I want it to be moved here. You're kinda doing all of these different things but there's a lot of fields still. If you use something like Django inline or the Django admin inline third party app, you can do inline for like adding extra data and it's kind of nested inside in the admin so you can get some seriously long admin pages where you're trying to edit and add data. And it can get really confusing really fast as to what you're putting where. If you're adding a piece of information and you need to do like 50 different inlines which is basically like a foreign key relationship and you're adding multiples of everything, I guess not really a foreign key but like a many to many and you're adding it, then you can get a ton of data in there and you're just like, hey, what's going on? Did I edit this up here? Did I put this down here? And it's kinda confusing.

Then when you hit save depending on the amount of data, it can take extra time to save because it's trying to parse everything and you don't really have any kind of auto completion stuff that you could if you spend time on a custom admin. The third reason is dev time. A lot of times, I see people go through huge feats of editing and development to create and modify this Django admin to be able to have a nice functional little thing for our users to be able to insert and put in data in an easy to understand way. When that's not what the Django admin is good at. It's good for just quickly seeing data and editing it, not to have custom workflows.

It's terrible with that because you only have two states; edit and update, and you can't just view data very well. You can't click into an object and go view the data and it not be editable. That's just not something it's good at. You have to do some really wonky stuff if you wanna be able to edit data and auto populate other parts of the data. It gets really weird when you spend a lot of dev time trying to do custom things to the admin.

Whereas, if you were to do a custom admin, you would spend probably the same amount of time, maybe a tiny bit more in creating a custom admin and get exactly the things you want and only the things that you want. You could do auto population. You could do all kinds of other stuff. And you can then save time later on down the road for other people in the business to be able to enter in the data exactly the way they need to go so you can eliminate number two, which is reduce the amount of errors that you get into your data. The fourth reason I don't like to use the Django admin is that it adds another possibility for an attack vector.

If you know that your admin is there, if you know Django is being used, and most people don't change /admin to anything else, then it leads to the possibility, hey, I have this new custom login and if you watched a video I did on Django honeypot, you can sit there and you can try as much as you want to try to log in to that Django admin and you can brute force it until maybe you can get in. And so it just leads to a potential where somebody could get into your data and guess what, if they can make it into there, now they have access to all of your data. And that's not exactly a good thing. Fortunately, there's an application out there called Django honeypot which makes that original login page a honeypot so that you can try to log in all you want and you'll never make it in and we start to record who's logging in and where they're from so that we can go add that to maybe some white or blacklists. I guess some blacklists in this case.

Security is a reason for not using the Django admin. The final reason that I don't really think we should be using the Django admin in production is well, I mean, let's be honest about it, it's kinda ugly. It got a lot better in the latest update that it had a flat panel, doing a flat view, but it's not mobile friendly. It doesn't work well with the way we generally like to do business. It's a bad user experience all around.

It's kinda like, hey, do I want people to enjoy what they're doing or do I not want people to not enjoy what they're doing? We spend a little extra time with our Django admin, the custom thing that we build out to the side. We can make it look the same as the rest of our site and make it a joy to use and have a good user experience. The other part of that is depending on how you're doing development of that feature, you could potentially get a specific feature down to a point and refine it really well and then just push it over to the customer side of the equation and now they can do that admin task potentially instead of you having to worry about it. It gives you an opportunity to vet out some of the features that you might want to give to your customers that you have to do all the time instead of making it a manual process that you always have to go under the Django admin and do yourself. So, it's an opportunity to be able to make things better for your customer and the customer that is the people in the business.

Again, these are five reasons I guess, not 10, but five reasons that I think people should not be using the Django admin in production. I personally think that more people should strive to not use the Django admin in production and we should move towards encouraging people to not do that. Granted this is probably not gonna happen just from this one little video but I hope this has afforded you an opportunity to really think about the usage of the Django admin in your production environments. So with that, please feel free to leave comments below.

I would love to hear your opinions. Please leave a thumbs up if you enjoyed the video. If not, I wouldn't recommend doing anything. Otherwise, please subscribe and stay tuned for more videos. Feel free to watch a couple of the other videos that I have below.

I wanna thank you for your time and have a great day.