[Tutor] Retriving previous user inputs in a gui

[Karim]

Thanks Alan for you advice!

Our environment is secured because the program is only for internal use.
We are supporting electronic designers. Nobody at work will write delete
codes inside (I hope). But, sure, I will check configParser module. I wanted
a straight forward config file because for TCL/TK GUI .config file is 
already
existing in TCL format that executing same syntax '*set myvar myvar_value*'.
I wanted to recreate this mechanism for python gui.

Thanks to point out this security issue.
Is there any equivalent to JAVACC in python (or lex yacc) to create grammary
for config or format file?

Regards
Karim

On 08/25/2010 01:57 AM, Alan Gauld wrote:
>
> "Karim" <karim.liateni at free.fr> wrote
>
>> >>> import params
>> >>> dir(params)
>> ['EntryTextMail', 'EntryTextName', '__builtins__', '__doc__',
>
>> But the file to import should have '.py' extension (<Module>.py) (if 
>> there is a way to avoid that I wanted to use a 'hidden' file kind of 
>> ".config" ,
>
> You can exec a file and you can read the file into a string as a variable
> then exec the string. BUT doing this is a huge security risk since anyone
> can put any kind of arbitrary code in your config file and you will 
> blindly
> execute it. That's why config files are generally not executable code
> but some kind of data format - it's much safer and very little extra 
> work.
>
>> At first I tried to access it as variables instead of using 
>> <Module>.variable. I learnt something here!
>
> Any time you import a module you need to use the module name
> to access its contents - or use the from moo import * format, but
> that introduces even more risk!
>
> I strongly recommend that you think again and use a data format
> config file.
>
> HTH,
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/tutor/attachments/20100825/0e929c55/attachment.html>