Cecil Westerhof <ce...@decebal.nl> writes: > ... >> If you only want to read the configuration, just use an ordinary >> file you import. For example config.py contains the lines: >> username=myuser >> server=myserver >> password=secret >> >> In your script: >> >> import config >> >> Now you can referenc all the variables via config.<name>, e.g. >> config.username > > That I know, but it is a security risk.
It is a security risk if you allow potential attackers to modify the Python files. Then, however, those attackers could also modify the Python code itself (rather than the config file). Thus, the risk may not much increase (depending on how different the protection for the config file is compared to that for other Python source code). > ... >> Another method would be a dictionary for your config. You could >> pickle and unpickle it. > > Is pickle not discouraged? Better to use a JSON file I think. "pickle", too, has a potential security risk -- if you allow unpickling from untrusted source. Usually, however, configuration comes from trusted sources. However, if JSON has sufficient data type support for you, go for it. -- https://mail.python.org/mailman/listinfo/python-list
