[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What config file for a .pm perl module ?

On Thu, Dec 27, 2001 at 02:18:15PM +0100, Eric Van Buggenhaut wrote:
> Hi,

> I'm currently packaging libdbix-password-perl.

> The upstream code requires the administrator to introduce the user
> data (username, password, port, database, etc.) in the same Password.pm file,
> which looks horrible to me.

> So my idea is to create a config file in /etc sourced by the module. I
> have never done this though, so I ask all Perl Mongers out there:

> - what should the file be called ? /etc/Password.conf ?

> - how should I source it from within the perl module ?

Although creating perl config files that can be sourced is a very quick 
and easy way to make use of config files in perl (since your parser is 
already built-in), I've always considered it a somewhat hackish 
approach.  Certainly, anyone not familiar with perl programming can 
easily break your script beyond all recognition just by incorrectly 
editing the sourced config file, in the process making it impossible for 
you to generate your own warning/error messages (well, without a fair 
deal of effort :).  In addition, we occasionally get hosting customers 
here who want to have CGIs that use sourced config files, with other 
CGIs to edit those config files -- which means a clever attacker who was 
able to guess or learn the admin password could arbitrarily change the 
CGIs to do his bidding.  Probably not an issue with what you're doing 
in your package, but it's definitely not something we want happening on
a virtualhosting webserver. :)

My own approach?  Write your own parser for a simple 'key = value' style 
config file.  This can usually be done in ten lines or less[1] using
perl's powerful regexp engine.

Steve Langasek
postmodern programmer

[1] depending, of course, on your standards for code legibility ;)

Attachment: pgp4Y0W5okoTy.pgp
Description: PGP signature

Reply to: