On 08/04/2015 01:59 PM, Ben Finney wrote: > marco.naw...@colosso.nl writes: > >> Why not use Python files itself as configuration files? > > Because configuration data will be user-editable. (If it's not > user-editable, that is itself a poor design choice.) > > If you allow executable code to be user-edited, that opens your program > to arbitrary injection of executable code. Your program becomes wide > open for security exploits, whether through malicious or accidental > bugs, and simple human error can lead to arbitrary-scope damage to the > user's system.
We need to state the context here. The only context in which having a Python config file is dangerous is when the python program runs as a different user/privilege than the owner of the config file. If the user owns the python files as well as the config file then none of this matters. In most cases, I've never bought the argument you and others are making here about security and demanding yet another DSL. In fact I find the argument to be rather circular in that we're dealing with programs that aren't compiled but written in Python anyway. I can open and edit any python file in the project that I want and make arbitrary, possibly "malicious" changes to it! Oh no! The idea that a malicious user could inject python code in this instance and somehow deliberately harm the system is kind of silly if you think about it. It's me that's running the python code in the first place. I could open any file and change it. I'm already running arbitrary code. If I'm talking about a system service that is doing things for non-root users, then yeah I'll agree with your argument completely. But not for most other situations. Even a system service, if the config file is owned by root, I'm okay with using python as configuration. Because if root's compromised, all bets are off anyway and all the python scripts could be modified. In fact python as configuration works very well for my purposes, and it works well for Django, and there are many other projects that also do this. I don't think you'd want to use any other mechanism for configuring Django, frankly. I'm a bit surprised no one has mentioned Django in this discussion yet. In many of my projects I put basic config variables in a file like config.py and import that in each module that needs it. The config module doubles as a global namespace for sharing between modules as well. -- https://mail.python.org/mailman/listinfo/python-list
