At 07:47 PM 7/26/2006 +0100, David Hopwood wrote: >Sylvain Fourmanoit wrote: > > I wrote a data persistence module called miniconf, aimed at making > > easy to create and safely retrieve configuration info from external, > > human-readable sources using Python syntax. I feel it would eventually > > make a nice addition to the standard library. > > >From a security point of view, this is a great improvement on the existing >pickle, marshal, and shelve modules. Those modules could not be safely >imported from restricted code. > >miniconf, OTOH, appears to have an interface compatible with capability >security. (I have not checked that the compiler.ast module used in its >implementation is safe.) However: > >+Limitations >+=========== >+ >+miniconf has a few limitations one should be aware of: >[...] >+- It is not preemptiple: concurrent calls to dump() or load() will >+ have unpredictable results and must be avoided. > >This limitation should be fixed before the module is added to the standard >library, IMHO.
It looks like it's trivial to fix; the code uses a strange and unnecessary complication of creating nested classes and nested singleton instances thereof. Getting rid of the singletons to create a new instance for each dump/load call would suffice to make the implementation re-entrant, although de-nesting the classes would also be a good idea. :) The loading code could also be made a lot faster by using a dictionary mapping AST node types to functions, instead of doing string manipulation for each node. Each function could take 'pedantic' as a parameter, which would eliminate the need to have an object at all, let alone a singleton. Finally, there is an interesting characteristic of the code's interpretation of names: any name other than 'True' is interpreted as 'False'! On the whole, though, I don't see a lot of difference between this format and say, JavaScript Object Notation (JSON), which can be parsed and generated by many other languages as well as multiple Python libraries already. _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
