ConfigParser: writes a list but reads a string?
Fuzzyman
fuzzyman at gmail.com
Sat Jan 21 03:06:39 EST 2006
funkyj wrote:
> I'm interested in the same sort of config file issues.
>
> Unfortunately the restricted execution has fallen out of favor. My
> preferred solution would be to have a configEval() function that is
> just like the regular Python eval() but only accepts a subset of the
> python language, e.g. creating the basic built in datatypes and
> variable assignment and perhaps a short list of safe library functions:
>
> favoriteColors = [ 'red', 'blue', 'orange']
> props = {'fish': 7, 'cow': 'milk'}
> # a comment
> otherstuff = (props, favoritColors, 7)
>
> While currently I just write my config file in python and eval() it,
> this sucks from a security standpoint (e.g. someone could replace the
> config file with a python program that deletes my hard drive). Thanks
> for the configObj suggestion, I'll look into that.
>
> making the config file XML and using xml.dom is another option,
> although XML is a bit ugly to edit by hand.
On the cookbook there is a serialize and de-serialize function that
works with the basic datatypes, but doesn't have the associated risks
of using eval.
ConfigObj is still a better solution IMHO. :-)
All the best,
Fuzzyman
http://www.voidspace.org.uk/python/index.shtml
> --jfc
More information about the Python-list
mailing list