Modify the model table from another machine, outside Django

Say I have a model with three fields: field1, field2, field3. I want to alter field2 based on the outcome of a heavy function, so that function is computed elsewhere (on another machine, outside the Django app) with more processing power. How do I, in a secure way, push the changes computed on Machine A back to the model table of the Django app (which runs on Machine B)?

It is doable with pandas like:

import pandas as pd
from sqlalchemy import create_engine

# connection string is just an example; point it at the Django database on Machine B
engine = create_engine("postgresql://user:password@machine-b/mydb")

df = pd.read_sql_table("myapp_model", engine)
df = my_heavy_function(df)
df.to_sql("myapp_model", engine, if_exists="replace", index=False)

but I doubt it’s the best way to do it.

Furthermore, I've thought about just cloning the Django project to Machine A (the computation one) and having one function that does the update, using e.g.

from myapp.models import my_model

df = my_heavy_function()
user = my_model.objects.get(user=my_user)
user.field2 = df["field2"].iloc[0]  # take the single computed value for this user
user.save()

but that sounds like a bit of overkill to me.

You’ve got a couple different options -

  • Have your external program update the database directly, bypassing Django completely.
    or
  • Create a JSON endpoint where your external program submits the value to be updated. Your program becomes a “client” just like any other - using some authentication method for Django to check.

(Other ideas I thought of basically boil down to variations of these two.)

I think your first suggestion is basically my “pandas workaround”, right? That is definitely the easiest way, I think, but I wonder if it’s safe with respect to e.g. locking, if Django and the external program try to update the database at the same time.

Would you have any suggestions (or can you point me in the direction of some documentation) on how to implement your second suggestion?

It’s similar in principle, but without the “overkill”. Instead of re-implementing your Django installation, you would just use the Python DB API to access the database directly from your program and issue SQL statements to update the tables.
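For example, here's a minimal sketch assuming PostgreSQL and the psycopg2 driver (the connection details, table name, and row id are made up for illustration; Django's default table name for a model is <app>_<modelname>):

import psycopg2

new_value = my_heavy_function()

# connect to the same database the Django project on Machine B uses
conn = psycopg2.connect(host="machine-b", dbname="mydb", user="worker", password="secret")

with conn, conn.cursor() as cur:
    # "with conn" wraps the statement in a transaction and commits on success
    cur.execute(
        "UPDATE myapp_mymodel SET field2 = %s WHERE id = %s",
        (new_value, 42),
    )

conn.close()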

This is precisely what database engines are designed to do. Databases like PostgreSQL, MySQL/MariaDB, Oracle, MS SQL, DB2, etc., exist to allow multiple processes to update data and to keep everything “in order”. (Now, if you’re using SQLite, that’s a different issue.) Keep in mind that when you’re running Django in a production-ish environment, you’re already running multiple instances of your project as separate processes, so you’re already doing something like this.
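If you want to be explicit about it on the Django side, you can also lock the row for the duration of an update; here's a sketch using Django's own ORM (model and field names are taken from the question, the id is just an example):

from django.db import transaction

from myapp.models import my_model

with transaction.atomic():
    # select_for_update() locks the row until the transaction commits,
    # so a concurrent write from the external program waits its turn
    obj = my_model.objects.select_for_update().get(pk=42)
    obj.field2 = new_value
    obj.save()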

For a single endpoint with limited requirements, I wouldn’t recommend pulling in Django REST Framework (DRF). That also seems like “overkill” to me. I’d do it “manually”; I don’t think it would be all that much work.

On the Django side, you could create a view that accepts a JSON object (accessed in the view using request.body) and updates the appropriate model. That JSON object can be defined to contain whatever data is necessary for the view to process the submission. You would then define a URL that maps a request to that view.
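A rough sketch of what that could look like (the view name, URL, and JSON keys are just assumptions for illustration):

# myapp/views.py
import json

from django.http import JsonResponse
from django.views.decorators.csrf import csrf_exempt
from django.views.decorators.http import require_POST

from myapp.models import my_model

@csrf_exempt  # the external program has no CSRF token; see the note on credentials below
@require_POST
def update_field2(request):
    data = json.loads(request.body)
    obj = my_model.objects.get(pk=data["id"])
    obj.field2 = data["field2"]
    obj.save()
    return JsonResponse({"status": "ok"})

# myapp/urls.py
from django.urls import path

from . import views

urlpatterns = [
    path("update-field2/", views.update_field2),
]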

The sending side can then issue a POST to that URL, using the Requests package, to submit the updates.
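On the sending side, that could be as simple as the following (the hostname and payload keys mirror the hypothetical view above; the token is explained below):

import requests

payload = {"id": 42, "field2": computed_value, "token": "shared-secret"}

response = requests.post("https://machine-b.example.com/myapp/update-field2/", json=payload)
response.raise_for_status()  # fail loudly if Machine B rejected the update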

If you need to add a layer (or two) of security, you could include some sort of credentials (perhaps a userid & password, or maybe just some type of token) in the JSON data being submitted, then validate those credentials within the view. You could also use the get_host method to identify where the request is coming from. (Note, I wouldn’t rely on this alone, because IP addresses can be spoofed.)
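A minimal version of that check, which could sit at the top of the hypothetical view above (the shared token and the allowed address are assumptions; in practice the secret would live in settings or an environment variable rather than in the code):

import hmac

EXPECTED_TOKEN = "shared-secret"   # must match what the client puts in its JSON
ALLOWED_SENDERS = {"10.0.0.5"}     # Machine A's address; don't rely on this alone

def credentials_ok(request, data):
    # constant-time comparison of the submitted token
    token_ok = hmac.compare_digest(data.get("token", ""), EXPECTED_TOKEN)
    # REMOTE_ADDR is the address the request came from (request.get_host()
    # gives you the Host header instead); neither is proof on its own
    sender_ok = request.META.get("REMOTE_ADDR") in ALLOWED_SENDERS
    return token_ok and sender_ok

The view would then return an error status (e.g. 403) whenever credentials_ok() comes back False.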