On 4 Dec, 19:35, HT <[EMAIL PROTECTED]> wrote:
> A colleague of mine is arguing that since it is easy to write config like:
>
> FOO = {'bar': ('a': 'b'), 'abc': ('z': 'x')}
>
> in config.py and just import it to get FOO, but difficult to achieve the
> same using an ini file and ConfigParser, and since Python files are just
> text, we should just write the config options in the Python file and
> import it.
>
> I can think of lots of arguments why this is a bad idea, but I don't
> seem to be able to think of a really convincing one.
>
> Anyone?Some people actually do that. IIRC, ipython is now configured using a python module. The idea, however, is dangerous from a security viewpoint. Because anybody can edit his configuration .py file, you are in effect injecting arbitrary code into your program. Think that your program starts with raw_input() and then goes on the execute whatever you get. Same problems with SQL injection for example. So people prefer to have a much more controlled environment for configuration. In particular, the idea of using json as Chris said should become a best practice now we have the json module. Regards, Muhammad Alkarouri -- http://mail.python.org/mailman/listinfo/python-list
