Thanks Alan for your advice!

Our environment is secured because the program is only for internal use.
We are supporting electronic designers. Nobody at work will write delete
codes inside (I hope). But, sure, I will check the configParser module. I wanted
a straightforward config file because for the TCL/TK GUI a .config file already
exists in TCL format that executes the same syntax '*set myvar myvar_value*'.
I wanted to recreate this mechanism for the Python GUI.

Thanks for pointing out this security issue.
Is there any equivalent to JAVACC in Python (or lex yacc) to create a grammar
for a config or format file?

Regards
Karim

On 08/25/2010 01:57 AM, Alan Gauld wrote:

"Karim" <karim.liat...@free.fr> wrote

>>> import params
>>> dir(params)
['EntryTextMail', 'EntryTextName', '__builtins__', '__doc__',

But the file to import should have '.py' extension (<Module>.py) (if there is a way to avoid that I wanted to use a 'hidden' file kind of ".config" ,

You can exec a file and you can read the file into a string as a variable
then exec the string. BUT doing this is a huge security risk since anyone
can put any kind of arbitrary code in your config file and you will blindly
execute it. That's why config files are generally not executable code
but some kind of data format - it's much safer and very little extra work.

At first I tried to access it as variables instead of using <Module>.variable. I learnt something here!

Any time you import a module you need to use the module name
to access its contents - or use the from moo import * format, but
that introduces even more risk!

I strongly recommend that you think again and use a data format
config file.

HTH,


_______________________________________________
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
http://mail.python.org/mailman/listinfo/tutor
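
An added example, not part of the original thread: one way to keep the Tcl-style `set myvar myvar_value` syntax while treating the file as data, as recommended above, instead of passing it to `exec` or `import`. The names `parse_set_config` and `ConfigError` are hypothetical, and rejecting Tcl substitutions (`[...]`, `$var`) in values is an assumption about what the config needs.

```python
import shlex


class ConfigError(ValueError):
    """Raised when a line is not a plain 'set name value' assignment."""


def parse_set_config(text):
    """Parse Tcl-style 'set name value' lines into a dict; nothing is executed."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        try:
            tokens = shlex.split(line)  # handles "quoted values"
        except ValueError as exc:  # e.g. unbalanced quotes
            raise ConfigError(f"line {lineno}: {exc}") from None
        # Only the one statement form is accepted; any other command is an error.
        if len(tokens) != 3 or tokens[0] != "set":
            raise ConfigError(f"line {lineno}: expected 'set name value'")
        name, value = tokens[1], tokens[2]
        if not name.isidentifier():
            raise ConfigError(f"line {lineno}: bad variable name {name!r}")
        # Tcl would evaluate [cmd] and $var here; refuse them, never evaluate.
        if any(ch in value for ch in "[]$"):
            raise ConfigError(f"line {lineno}: substitution not allowed")
        settings[name] = value
    return settings


# Constructed sample input (variable names taken from the dir() output above).
SAMPLE = '''\
# GUI defaults
set EntryTextName "Karim L"
set EntryTextMail user@example.org
'''

# Constructed lines that exec/import would have run as code.
REJECTED = [
    "import os",
    "set EntryTextName $env(HOME)",
    "set EntryTextName [exec some_command]",
]

if __name__ == "__main__":
    print(parse_set_config(SAMPLE))
```

The result is a plain dictionary of strings, so the GUI reads `settings["EntryTextName"]` rather than a module attribute, and a malformed or hostile line fails loudly at load time.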
