> miniconf, OTOH, appears to have an interface compatible with capability > security (I have not checked that the compiler.ast module used in its > implementation is safe.)
I woudn't be 100% sure either (obviously, I didn't write this nice piece of code, let alone the underlying parser), but I read it and tried to abuse it without success (I haven't found obvious buffer overflow and such)... As far as I know, the abstract syntax tree generation exposed via compiler.ast is a safe operation, in the sense that it doesn't allow execution of code when feeded from arbitrary strings via compiler.parse(); in the worst case scenario, it raises a SyntaxError or similar exceptions, as documented... If anybody know more on this issue, I will be happy to hear about it. > miniconf has a few limitations one should be aware of: > > - It is not preemptiple: concurrent calls to dump() or load() will > have unpredictable results and must be avoided. > > This limitation should be fixed before the module is added to the > standard library, IMHO. If this is the general opinion, I will be glad to change this... The only reason miniconf is not thread-safe for the moment is that I chose to re-use over and over a single instance of each of my two processing classes to reduce resources usage, but this seems pretty pointless (and overly complicated) now that I look at it. Yours, -- Sylvain <[EMAIL PROTECTED]> Your files are now being encrypted and thrown into the bit bucket. EOF _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
