marco.naw...@colosso.nl writes: > Why not use Python files itself as configuration files?
Because configuration data will be user-editable. (If it's not user-editable, that is itself a poor design choice.) If you allow executable code to be user-edited, that opens your program to arbitrary injection of executable code. Your program becomes wide open for security exploits, whether through malicious or accidental bugs, and simple human error can lead to arbitrary-scope damage to the user's system. On another dimension, configuration files specifying the behaviour of the system are much more useful if their format is easily parsed and re-worked by tools the user chooses. Your program should not be the only tool (and Python should not be the only language) that can read and/or write the configuration data with straightfoward data manipulation. So a complex full-blown programming language like Python is a poor choice for configuration data for that reason, too. Much better to choose a tightly-defined, limited-scope configuration data format that you can be confident any user cannot employ to run arbitrary code. -- \ “For myself, I am an optimist — it does not seem to be much use | `\ being anything else.” —Winston Churchill, 1954-11-09 | _o__) | Ben Finney -- https://mail.python.org/mailman/listinfo/python-list