Why do so many apps/frameworks keep their configuration files in an un-executed format?
Many frameworks keep their configuration files in a language different from the rest of the program. Eg, Appengine keeps the configuration in yaml format. to compare, DJango settings.py is a python module. There are many disadvantages I can see with this.
If its in same language as rest of the program, I can
Do interesting things in the configuration file.
MEDIA_DIR = os.path.join(os.path.dir(__file__), 'media')
#Or whaever the correct cals are, you get the idea.
- Don't have to learn a new(admittedly lightweight) format
- My tools work as expected with it.
- I can just do
import conf
etc.
I can see the advantages if it were a heavyweight language like C/C++ etc, but for python why does it make sense. It just seems like taking away power witho开发者_运维知识库ut adding any benefits.
Some framework designers feel that the configuration files are inappropriate places for heavy logic. Just as the MVC framework prevents you from putting logic where it does not belong, the configuration file prevents you from putting programming where it does not belong.
It's a matter of taste and philosophy.
That said, I prefer Django's method.
Python may not always be the only language that appengine runs on. So the same yaml configuration file could drive an appengine app written in, for example, java or perl
Sometimes you need to use an automatic/GUI tool to parse and/or generate and/or modify a configuration file. This is not easy if your conffile is a python script.
There is a very good reason: if your program is distributed in an unsafe environment, like the user computer, executing a text file which is so easy to modify is the door open to many viruses. This is less the case with a django application where the application is hosted on the server - a safe environment. But with an application distributed on windows using py2exe, you should refrain to make your program execute random stuff.
Another reason for using a syntax like YAML is that you can manipulate the file using other tools, even other languages, the format is portable and documented enough.
That said, when I need to have a configuration file with a python program, I use a python dictionnary with a few security measures:
- remove the enclosing { } so that it does not eval directly to a python expression
- use of safe_eval to discard any executable item.
It probably just didn't occur to them that they could do it. Many programmers are from the old days where scripting languages were slow and not really more simple than the programming languages (just look at things like Unix shells). When nifty dynamic languages came along, they just stuck to "text only config files" because that's what they always did.
精彩评论