[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What config file for a .pm perl module ?

On Thu, Dec 27, 2001 at 09:19:16AM -0600, Steve Langasek wrote:
> On Thu, Dec 27, 2001 at 02:18:15PM +0100, Eric Van Buggenhaut wrote:
> > Hi,
> > I'm currently packaging libdbix-password-perl.
> > The upstream code requires the administrator to introduce the user
> > data (username, password, port, database, etc.) in the same Password.pm file,
> > which looks horrible to me.
> > So my idea is to create a config file in /etc sourced by the module. I
> > have never done this though, so I ask all Perl Mongers out there:
> > - what should the file be called ? /etc/Password.conf ?
> > - how should I source it from within the perl module ?
> Although creating perl config files that can be sourced is a very quick 
> and easy way to make use of config files in perl (since your parser is 
> already built-in), I've always considered it a somewhat hackish 
> approach.  Certainly, anyone not familiar with perl programming can 
> easily break your script beyond all recognition just by incorrectly 
> editing the sourced config file, in the process making it impossible for 
> you to generate your own warning/error messages (well, without a fair 
> deal of effort :).  In addition, we occasionally get hosting customers 
> here who want to have CGIs that use sourced config files, with other 
> CGIs to edit those config files -- which means a clever attacker who was 
> able to guess or learn the admin password could arbitrarily change the 
> CGIs to do his bidding.  Probably not an issue with what you're doing 
> in your package, but it's definitely not something we want happening on
> a virtualhosting webserver. :)
> My own approach?  Write your own parser for a simple 'key = value' style 
> config file.  This can usually be done in ten lines or less[1] using
> perl's powerful regexp engine.

The key=value strategy may not work in my case because I must generate
a hash of hashes, this style:

my $virtual1 = {
        'acs' => {
                         'username' => 'root',
                         'password' => 'o.e,13',
                         'port' => '',
                         'database' => 'acs',
                         'attributes' => {},
                         'connect' => 'DBI:mysql:database=acs;host=localhost',
                         'driver' => 'mysql',
                         'host' => 'localhost'
        'personales' => {
                         'username' => 'root',
                         'password' => 'v.rc,3',
                         'port' => '',
                         'database' => 'acs',
                         'attributes' => {},
                         'connect' => 'DBI:mysql:database=PaginasPersonales;host=
                         'driver' => 'mysql',
                         'host' => 'localhost'

I wanted to be able to use a config file similar to /etc/passwd like:

#This is the list of users needed by DBIx::Password
#Syntax is:
#You can use simple quotes when field contains colon(s)


And wrote the parser:

#!/usr/bin/perl -w

#open (IN,"/etc/dbix-password.conf");
open (IN,"dbix-password.conf");

while (<IN>) {
        next if (/^#/ || /^$/);
        @host = m/:?([^':]*)||:?'([^']*)'/g;
        foreach (@host) {print "$_ "};
        print "\n";

close IN;

But this misteriously matches empty fields and I haven't been able to find out where my parser fails ... Something like that:

acs  root  op.re,13    acs  {}       DBI:mysql:database=acs:host=localhost mysql  localhost
personales  root  op.re,13    acs  {}       DBI:mysql:database=PaginasPersonales:host=localhost mysql  localhost

So if anyone has an idea ...

Thanks to all people who helped me.

Eric VAN BUGGENHAUT     "Hay tampones y tampones ..."
			(Eva Serrano)
        \_|_/           Andago
       \/   \/          Av. Santa Engracia, 54
a n d a g o  |--        E-28010 Madrid - tfno:+34(91)2041100
       /\___/\ 		http://www.andago.com
        / | \           "Innovando en Internet"

Reply to: