带有 .py 文件的配置文件
[英]Config file with a .py file
问题描述
I have been told that doing this would be a not-very-good practice (it is present in the main answer of Python pattern for sharing configuration throughout application though):
有人告诉我这样做不是很好的做法(它出现在Python 模式的主要答案中,用于在整个应用程序中共享配置):
configfile.py配置文件.py
SOUNDENABLED = 1
FILEPATH = 'D:\\TEMP\\hello.txt'
main.py主文件
import configfile
if configfile.SOUNDENABLED == 1:
....
f = open(configfile.FILEPATH, 'a')
...
This is confirmed by the fact that many people use INI files for local configuration with ConfigParser module or iniparse or other similar modules.许多人使用 INI 文件通过ConfigParser模块或iniparse或其他类似模块进行本地配置这一事实证实了这一点。
Question: Why would using an INI file for local configuration + an INI parser Python module be better than just importing a configfile.py file containing the right config values as constants?问题:为什么使用 INI 文件进行本地配置 + INI 解析器 Python 模块比仅导入包含正确配置值作为常量的configfile.py文件更好?
4 个解决方案
解决方案1
5 已采纳 2016-12-02 11:09:03
The only concern here is that a .py can have arbitrary Python code, so it has a potential to break your program in arbitrary ways.这里唯一需要担心的是.py可以包含任意 Python 代码,因此它有可能以任意方式破坏您的程序。
If you can trust your users to use it responsibly, there's nothing wrong with this setup.如果您可以信任您的用户负责任地使用它,那么此设置没有任何问题。 If fact, at one of my previous occupations, we were doing just that, without any problems that I'm aware of.事实上, 在我以前的职业之一中,我们就是这样做的,没有任何我知道的问题。 Just on the contrary: it allowed users to eliminate duplication by autogenerating repetitive parts and importing other config files.恰恰相反:它允许用户通过自动生成重复部分和导入其他配置文件来消除重复。
Another concern is if you have many files, the configuration ones are better be separated from regular code ones, so users know which files they are supposed to be able to edit (the above link addresses this, too).另一个问题是,如果您有很多文件,最好将配置文件与常规代码文件分开,以便用户知道他们应该能够编辑哪些文件(上面的链接也解决了这个问题)。
解决方案2
3 2016-12-02 11:05:19
Importing a module executes any code that it contains.导入一个模块会执行它包含的任何代码。 Nothing restricts your configfile.py to containing only definitions.没有什么限制你的configfile.py只包含定义。 Down the line, this is a recipe for security concerns and obscure errors.归根结底,这是安全问题和模糊错误的秘诀。 Also, you are bound to Python's module search path for finding the configuration file.此外,您必须使用 Python 的模块搜索路径来查找配置文件。 What if you want to place the configuration file somewhere else, or if there is a name conflict?如果您想将配置文件放在其他地方,或者存在名称冲突怎么办?
解决方案3
1 2016-12-02 11:04:54
解决方案4
1 2016-12-02 11:06:57
It could be better for some reasons由于某些原因可能会更好
- The only extension that config file could have is
py.配置文件的唯一扩展名是py。 - You cannot distribute your program with configs in separate directory unless you put an
__init__.pyinto this directory除非您将__init__.py放入此目录,否则您不能在单独的目录中分发带有配置的程序 - Nasty users of your program can put any python script in config and do bad things.你程序的讨厌用户可以将任何 python 脚本放在配置中并做坏事。
For example, the YouCompleteMe autocompletion engine stores config in python module, .ycm_extra_conf.py .例如, YouCompleteMe自动完成引擎将配置存储在 python 模块.ycm_extra_conf.py中。 By default, each time config is imported, it asks you, whether you sure that the file is safe to be executed.默认情况下,每次导入配置时,它都会询问您是否确定文件可以安全执行。
- How would you change configuration without restarting your app?您将如何在不重新启动应用程序的情况下更改配置?
Generally, allowing execution of code that came from somewhere outside is a vulnerability, that could lead to very serious consequences.通常,允许执行来自外部某处的代码是一个漏洞,可能导致非常严重的后果。
However, if you don't care about these, for example, you are developing web application that executes only on your server, this is an acceptable practice to put configuration into python module.但是,如果您不关心这些,例如,您正在开发仅在您的服务器上执行的 Web 应用程序,那么将配置放入 python 模块是一种可接受的做法。 Django does so. Django 就是这样做的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.