[sdrm]

Definitely use DRF for this kind of usecases.

The problem with his approach is that it'll always expose ALL the fields of a model to the frontend, like hashed passwords, and can come at a performance cost if the queryset was run with `.only("some", "fields")`. This can be tolerable for small projects but it doesn't scale too well on the long term...

[Ranebow6]

Surely it will only expose the fields you've defined in your Serializer class?

https://www.django-rest-framework.org/api-guide/serializers/...

[brento]

In the article, you'll notice I'm not using DRF.

[brento]

I would certainly make improvements to the script to optimize the serialization of the QuerySet to only output the needed fields. It's hard to write an article that would capture every use case and optimization required.