[Python-Dev] New miniconf module (original) (raw)
Sylvain Fourmanoit syfou at users.sourceforge.net
Wed Jul 26 22:45:35 CEST 2006
- Previous message: [Python-Dev] New miniconf module
- Next message: [Python-Dev] New miniconf module
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
miniconf, OTOH, appears to have an interface compatible with capability security (I have not checked that the compiler.ast module used in its implementation is safe.)
I woudn't be 100% sure either (obviously, I didn't write this nice piece of code, let alone the underlying parser), but I read it and tried to abuse it without success (I haven't found obvious buffer overflow and such)... As far as I know, the abstract syntax tree generation exposed via compiler.ast is a safe operation, in the sense that it doesn't allow execution of code when feeded from arbitrary strings via compiler.parse(); in the worst case scenario, it raises a SyntaxError or similar exceptions, as documented... If anybody know more on this issue, I will be happy to hear about it.
miniconf has a few limitations one should be aware of:
- It is not preemptiple: concurrent calls to dump() or load() will have unpredictable results and must be avoided. This limitation should be fixed before the module is added to the standard library, IMHO.
If this is the general opinion, I will be glad to change this... The only reason miniconf is not thread-safe for the moment is that I chose to re-use over and over a single instance of each of my two processing classes to reduce resources usage, but this seems pretty pointless (and overly complicated) now that I look at it. Yours,
-- Sylvain <syfou at users.sourceforge.net>
Your files are now being encrypted and thrown into the bit bucket. EOF
- Previous message: [Python-Dev] New miniconf module
- Next message: [Python-Dev] New miniconf module
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]