I believe that the ability to easily build high quality web applications is of critical importance for the growth of a free and open society. This prevents the biggest players from monopolizing the flow of information.

Hence I started the web2py project in 2007, primarily as a teaching tool with the goal of making web development easier, faster, and more secure. Over time, it has managed to win the affection of thousands of knowledgeable users and hundreds of developers. Our collective effort has created one of the most full-featured Open Source Web Frameworks for enterprise web development.

As a result, in 2011, web2py won the Bossie Award for best Open Source Development Software, and in 2012 it won the Technology of the Year award from InfoWorld. With the effort of a growing community, in 2017 web2py was finally refined in order to support Python 3 (but it is still compatible with the older Python 2.7 !).

As you will learn in the following pages, web2py tries to lower the barrier of entry to web development by focusing on three main goals:

Ease of use. This means reducing the learning and deployment time as well as development and maintenance costs. This is why web2py is a full-stack framework without dependencies. It requires no installation and has no configuration files. Everything works out of the box, including a web server, database and a web-based IDE that gives access to all the main features. The API includes just 12 core objects, which are easy to work with and memorize. It can interoperate with most web servers, databases and all Python libraries.

Rapid development. Every function of web2py has a default behavior (which can be overridden). For example, as soon as you have specified your data models, you will have access to a web-based database administration panel. Also, web2py automatically generates forms for your data and it allows you to easily expose the data in HTML, XML, JSON, RSS, etc. web2py provides some high level widgets such as the wiki and the grid to rapidly build complex applications.

Security. The web2py Database Abstraction Layer (DAL) eliminates SQL Injections. The template language prevents Cross Site Scripting vulnerabilities. The forms generated by web2py provide field validation and block Cross Site Request Forgeries. Passwords are always stored hashed. Sessions are stored server-side by default to prevent Cookie Tampering. Session cookies are UUID to prevent Session Hijacking.

web2py is built from the user perspective and is constantly being optimized internally to become faster and leaner, whilst always maintaining backwards compatibility.