why use special config formats?

Steven D'Aprano steve at REMOVETHIScyber.com.au
Sat Mar 11 02:58:09 CET 2006

On Fri, 10 Mar 2006 09:08:36 -0800, tomerfiliba wrote:

> you can easily crash your web server (or make it non functional) if you
> pass an invalid port or host, or make it act weird by changing the
> timeouts or paths... so yeah, if the admin writes a config script that
> does os.system("rm -rf /"), well, too bad. 

Not if the code is being run on YOUR webserver and the config file is
being edited on some compromised PC in Romania.

> again -- the points are:
> * python is readable and easy to write config files with
> * usually admins change the configuration, and they have too much power
> anyway

So why do you want to give them MORE power?

> * if you worry about security/too much power, pickle your config

Huh? You think a competent sys admin can't learn enough Python to hack
your pickled file?

Binary configs only keep out legitimate users who don't have the time or
ability to learn how to hack the binary format. Black hats and power users
will break your binary format and hack them anyway.

> * if you need to edit your pickled config on a regular basis, serialize
> it with some other textual serializer (xml, etc).

But you forget the most important point of all:

* keep your data separate from your code.

> but inventing proprietary formats with unique syntaxes, and having to
> write and debug parsers for them -- that's stupid. a configuration is
> just a persistent state of your program. it shouldnt be any more
> complex than that.

Exactly. And that's why we have two or three common config file formats,
such as xml, ini files, etc. Pick one of them and stick to it.


More information about the Python-list mailing list