Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #95018

Re: Most Pythonic way to store (small) configuration

From Grant Edwards <invalid@invalid.invalid>
Newsgroups comp.lang.python
Subject Re: Most Pythonic way to store (small) configuration
Date 2015-08-05 14:00 +0000
Organization PANIX Public Access Internet and UNIX, NYC
Message-ID <mpt4t2$rr0$1@reader1.panix.com> (permalink)
References <87k2teq9tb.fsf@Equus.decebal.nl> <663ad259-48e0-4eec-a946-7cd03805ddb1@googlegroups.com> <85y4hqkepb.fsf@benfinney.id.au> <mailman.1221.1438738647.3674.python-list@python.org>

Show all headers | View raw

On 2015-08-05, Michael Torrie <torriem@gmail.com> wrote:
> On 08/04/2015 01:59 PM, Ben Finney wrote:
>> marco.nawijn@colosso.nl writes:
>> 
>>> Why not use Python files itself as configuration files?
>> 
>> Because configuration data will be user-editable. (If it's not
>> user-editable, that is itself a poor design choice.)
>> 
>> If you allow executable code to be user-edited, that opens your program
>> to arbitrary injection of executable code. Your program becomes wide
>> open for security exploits, whether through malicious or accidental
>> bugs, and simple human error can lead to arbitrary-scope damage to the
>> user's system.
>
> We need to state the context here.  The only context in which having a
> Python config file is dangerous is when the python program runs as a
> different user/privilege than the owner of the config file.  If the user
> owns the python files as well as the config file then none of this matters.

Yes, it does.

We're not just talking about intentional, malicious damange, we're
also talking about _accidental_ damage caused by an incorrect edit of
a configuration files.

It's much harder to cause damage by mis-editing an "ini" format file
that's parsed with the config file library than it is by mis-editing a
Python file that's imported.

-- 
Grant Edwards               grant.b.edwards        Yow! Clear the laundromat!!
                                  at               This whirl-o-matic just had
                              gmail.com            a nuclear meltdown!!

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Most Pythonic way to store (small) configuration Cecil Westerhof <Cecil@decebal.nl> - 2015-08-02 12:11 +0200
  Re: Most Pythonic way to store (small) configuration Chris Angelico <rosuav@gmail.com> - 2015-08-02 20:49 +1000
  Re: Most Pythonic way to store (small) configuration Ben Finney <ben+python@benfinney.id.au> - 2015-08-02 21:54 +1000
    Re: Most Pythonic way to store (small) configuration Cecil Westerhof <Cecil@decebal.nl> - 2015-08-02 18:51 +0200
      Re: Most Pythonic way to store (small) configuration Lele Gaifax <lele@metapensiero.it> - 2015-08-02 22:02 +0200
      Re: Most Pythonic way to store (small) configuration Cameron Simpson <cs@zip.com.au> - 2015-08-03 08:49 +1000
      Re: Most Pythonic way to store (small) configuration Ben Finney <ben+python@benfinney.id.au> - 2015-08-03 11:16 +1000
  Re: Most Pythonic way to store (small) configuration Mark Lawrence <breamoreboy@yahoo.co.uk> - 2015-08-02 16:12 +0100
  Re: Most Pythonic way to store (small) configuration Tim Chase <python.list@tim.thechases.com> - 2015-08-02 16:11 -0500
    Re: Most Pythonic way to store (small) configuration Dan Sommers <dan@tombstonezero.net> - 2015-08-03 04:02 +0000
      Re: Most Pythonic way to store (small) configuration Steven D'Aprano <steve@pearwood.info> - 2015-08-03 23:38 +1000
        Re: Most Pythonic way to store (small) configuration Chris Angelico <rosuav@gmail.com> - 2015-08-03 23:46 +1000
        Re: Most Pythonic way to store (small) configuration Mark Lawrence <breamoreboy@yahoo.co.uk> - 2015-08-03 15:37 +0100
  Re: Most Pythonic way to store (small) configuration marco.nawijn@colosso.nl - 2015-08-04 07:53 -0700
    Re: Most Pythonic way to store (small) configuration Irmen de Jong <irmen.NOSPAM@xs4all.nl> - 2015-08-04 19:06 +0200
      Re: Most Pythonic way to store (small) configuration marco.nawijn@colosso.nl - 2015-08-04 11:37 -0700
    Re: Most Pythonic way to store (small) configuration Ben Finney <ben+python@benfinney.id.au> - 2015-08-05 05:59 +1000
      Re: Most Pythonic way to store (small) configuration Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2015-08-05 18:32 +1000
        Re: Most Pythonic way to store (small) configuration Chris Angelico <rosuav@gmail.com> - 2015-08-05 20:01 +1000
    Re: Most Pythonic way to store (small) configuration Michael Torrie <torriem@gmail.com> - 2015-08-04 19:32 -0600
      Re: Most Pythonic way to store (small) configuration Grant Edwards <invalid@invalid.invalid> - 2015-08-05 14:00 +0000
    Re: Most Pythonic way to store (small) configuration random832@fastmail.us - 2015-08-04 22:44 -0400
    Re: Most Pythonic way to store (small) configuration Michael Torrie <torriem@gmail.com> - 2015-08-04 22:48 -0600
      Re: Most Pythonic way to store (small) configuration Rustom Mody <rustompmody@gmail.com> - 2015-08-04 21:55 -0700
        Re: Most Pythonic way to store (small) configuration Lele Gaifax <lele@metapensiero.it> - 2015-08-05 08:54 +0200
  Re: Most Pythonic way to store (small) configuration Tim Chase <python.list@tim.thechases.com> - 2015-08-05 08:18 -0500
    Re: Most Pythonic way to store (small) configuration Rustom Mody <rustompmody@gmail.com> - 2015-08-05 06:37 -0700
      Re: Most Pythonic way to store (small) configuration Tim Chase <python.list@tim.thechases.com> - 2015-08-05 15:55 -0500
        Re: Most Pythonic way to store (small) configuration Marko Rauhamaa <marko@pacujo.net> - 2015-08-06 00:47 +0300
          Re: Most Pythonic way to store (small) configuration Tim Chase <python.list@tim.thechases.com> - 2015-08-05 18:43 -0500
          Re: Most Pythonic way to store (small) configuration Chris Angelico <rosuav@gmail.com> - 2015-08-06 10:07 +1000
            Re: Most Pythonic way to store (small) configuration Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2015-08-06 17:33 +1000
              Re: Most Pythonic way to store (small) configuration Chris Angelico <rosuav@gmail.com> - 2015-08-06 17:51 +1000
        Re: Most Pythonic way to store (small) configuration Rustom Mody <rustompmody@gmail.com> - 2015-08-05 18:01 -0700
          Re: Most Pythonic way to store (small) configuration Rustom Mody <rustompmody@gmail.com> - 2015-08-05 18:06 -0700
  Re: Most Pythonic way to store (small) configuration Rustom Mody <rustompmody@gmail.com> - 2015-08-05 06:46 -0700
    Re: Most Pythonic way to store (small) configuration Steven D'Aprano <steve@pearwood.info> - 2015-08-06 00:08 +1000
      Re: Most Pythonic way to store (small) configuration Rustom Mody <rustompmody@gmail.com> - 2015-08-05 07:25 -0700

csiph-web