How to store properties

dieter dieter at handshake.de
Thu Feb 9 03:43:07 EST 2017


Cecil Westerhof <Cecil at decebal.nl> writes:
> ...
>> If you only want to read the configuration, just use an ordinary 
>> file you import. For example config.py contains the lines:
>> username="myuser"
>> server="myserver"
>> password="secret"
>>
>> In your script:
>>
>> import config
>>
>> Now you can reference all the variables via config.<name>, e.g.
>> config.username
>
> That I know, but it is a security risk.

It is a security risk if you allow potential attackers to modify
the Python files. Then, however, those attackers could also modify
the Python code itself (rather than the config file).
Thus, the risk may not increase much (depending on how different
the protection for the config file is compared to that for other Python
source code).

> ...
>> Another method would be a dictionary for your config. You could
>> pickle and unpickle it.
>
> Is pickle not discouraged? Better to use a JSON file I think.

"pickle", too, has a potential security risk -- if you allow
unpickling from an untrusted source. Usually, however, configuration
comes from trusted sources.

However, if JSON has sufficient data type support for you, go for it.
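
An added example, not part of the post above or of any message in the thread: a JSON loader for the username/server/password settings discussed here. It parses the file as data only, rejects unknown keys and wrong types, and refuses a file that group or others can write. The function names, the POSIX permission check and the sample values are assumptions made for illustration.

```python
import json
import os
import stat
import tempfile

# Keys taken from the config.py example in the thread; all must be strings.
REQUIRED = {"username": str, "server": str, "password": str}


def load_config(path):
    """Load a JSON config as plain data and validate it before use."""
    st = os.stat(path)
    # Refuse files that group or others can write: the risk discussed in the
    # thread depends on who is able to modify the configuration file.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError(f"{path} is writable by group or others")
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)  # parses data only; never runs code from the file
    if not isinstance(data, dict):
        raise ValueError("top-level JSON value must be an object")
    unknown = set(data) - set(REQUIRED)
    if unknown:
        raise ValueError(f"unknown keys: {sorted(unknown)}")
    for key, typ in REQUIRED.items():
        if not isinstance(data.get(key), typ):
            raise ValueError(f"{key!r} missing or not {typ.__name__}")
    return data


def write_sample(text, mode=0o600):
    """Write constructed sample content to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    # Constructed sample values, mirroring the config.py quoted in the thread.
    good = write_sample(
        '{"username": "myuser", "server": "myserver", "password": "secret"}'
    )
    print(load_config(good))
    os.remove(good)
```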



