On Thu, Dec 27, 2001 at 02:18:15PM +0100, Eric Van Buggenhaut wrote: > Hi, > I'm currently packaging libdbix-password-perl. > The upstream code requires the administrator to introduce the user > data (username, password, port, database, etc.) in the same Password.pm file, > which looks horrible to me. > So my idea is to create a config file in /etc sourced by the module. I > have never done this though, so I ask all Perl Mongers out there: > - what should the file be called ? /etc/Password.conf ? > - how should I source it from within the perl module ? Although creating perl config files that can be sourced is a very quick and easy way to make use of config files in perl (since your parser is already built-in), I've always considered it a somewhat hackish approach. Certainly, anyone not familiar with perl programming can easily break your script beyond all recognition just by incorrectly editing the sourced config file, in the process making it impossible for you to generate your own warning/error messages (well, without a fair deal of effort :). In addition, we occasionally get hosting customers here who want to have CGIs that use sourced config files, with other CGIs to edit those config files -- which means a clever attacker who was able to guess or learn the admin password could arbitrarily change the CGIs to do his bidding. Probably not an issue with what you're doing in your package, but it's definitely not something we want happening on a virtualhosting webserver. :) My own approach? Write your own parser for a simple 'key = value' style config file. This can usually be done in ten lines or less[1] using perl's powerful regexp engine. Cheers, Steve Langasek postmodern programmer [1] depending, of course, on your standards for code legibility ;)
Attachment:
pgp4Y0W5okoTy.pgp
Description: PGP signature