Now the problem is I do not know how to edit the conf file...
let us say that I calculate something and would like to save it in the conf file so that it is set for the next run of some program.
How do I edit a specific value in the conf file? (I would like to avoid editing txt if possible)...
I should also mention that I use Python 3.. so some of the solutions I came across are not compatible...
This works, but in general importing configuration data by loading and executing code is a questionable approach. The problem is in particular that the code parser is always more strict with the syntax than a configuration file should be. Also, it presents the danger of code injection, especially when exec'ing or importing untrusted code.
That said, if you really want full programmability inside that configuration and are aware of the implications, you can do that. In that case, I would rather call this a Python module though and instead "from settings.py import *" to import any setting from this module (this is similar to exec(), but less hack-ish). I use something similar to import settings for automated tests, but still wouldn't recommend it for general use.
If you don't want that, use a configuration file parser instead. Python comes with one, see the section "13.2 Configuration file parser" at http://docs.python.org/2/library/, which can both read and write simple configuration files.
> I should also mention that I use Python 3.. so some of the solutions I
> came across are not compatible...
No you don't, Above code clearly uses a print statement instead of a print function. :P Anyhow, concerning the link above, replace the 2 with a 3 and skip to section 14.2.
> Am 16.11.2012 13:06, schrieb chip9munk:
>> I would like to use conf file to get all the variables in my code. And
>> it works great. I use the following (simple example):
> This works, but in general importing configuration data by loading and
> executing code is a questionable approach. The problem is in particular
> that the code parser is always more strict with the syntax than a
> configuration file should be. Also, it presents the danger of code
> injection, especially when exec'ing or importing untrusted code.
huh... ok, the thing is that there will actually be no code in the config file, just some variables and values.. it will be more like a "setting file"... so no execution of the config file is necessary, just getting and setting variables...
> That said, if you really want full programmability inside that
> configuration and are aware of the implications, you can do that. In
> that case, I would rather call this a Python module though and instead
> "from settings.py import *" to import any setting from this module (this
> is similar to exec(), but less hack-ish). I use something similar to
> import settings for automated tests, but still wouldn't recommend it for
> general use.
thank you for the tip!
> If you don't want that, use a configuration file parser instead. Python
> comes with one, see the section "13.2 Configuration file parser" at
> http://docs.python.org/2/library/, which can both read and write simple
> configuration files.
yes I will use it
>> I should also mention that I use Python 3.. so some of the solutions I
>> came across are not compatible...
> No you don't, Above code clearly uses a print statement instead of a
> print function. :P
Yes i do :) i just did not c/p code from my script but from some webpage :)) i have print (config["value1"])
> Anyhow, concerning the link above, replace the 2 with
> a 3 and skip to section 14.2.
thank you i am using configparser... the only problem as i mention in another post is that it reads lists as string... so some additional parsing is necessary..
> in general importing configuration data by loading and > executing code is a questionable approach. The problem is in particular > that the code parser is always more strict with the syntax than a > configuration file should be. Also, it presents the danger of code > injection, especially when exec'ing or importing untrusted code.
chip9munk <"chip9munk[SSSpAm"@gmail.com> wrote:
> huh... ok, the thing is that there will actually be no code in the > config file, just some variables and values.. it will be more like a > "setting file"... so no execution of the config file is necessary, just > getting and setting variables...
I've been using django for the past couple of years, and I have to say I'm really addicted to their style of executable config files. The ability to put conditional logic in your settings.py file is extremely powerful. Even simple stuff like:
But, yes, Ulrich is 100% correct that it can lead to code injection attacks if you allow reading configs from untrusted sources. Like all powerful tools, it needs to be used with care.
These days, if I was writing something that needed a config file and I didn't want to do "import settings" for whatever reason, I would go with YAML. It seems to give an attractive mix of:
* supporting complex data structures
* easy to for humans to hand-edit
* easy for humans to read
* safe from code injection attacks
On Nov 16, 7:08 pm, Roy Smith <r...@panix.com> wrote:
> These days, if I was writing something that needed a config file and I
> didn't want to do "import settings" for whatever reason, I would go with
> YAML. It seems to give an attractive mix of:
> * supporting complex data structures
> * easy to for humans to hand-edit
> * easy for humans to read
> * safe from code injection attacks
+1 except for a caveat on the last:
Use safe_load and safe_dump.
dump and load are vulnerable to code injection attacks
