[Zope-Coders] Re: [Zope-Checkins] CVS: Zope/lib/python/DocumentTemplate - DT_Var.py:1.51
Matt Behrens
matt@zigg.com
Tue, 19 Mar 2002 08:32:15 -0500
> Environment variables are
> particularly attractive because they don't require you to think about
> how to get the global configuration option all the way down to the
> method that needs it -- but at best it becomes a great big mess, and
> at worst a security vulnerability.
Are environment variables really so bad? I am not so sure they are, and
I think I have my brain wrapped around the security implications pretty
well.
If InstallationAndConfiguration goes on the 2.6 plan, we'll have
ConfigParser-style configuration files for Zope instances. I was
planning on just doing a surface integration here, but if it's really
valuable to move away from environment variables, then we'll have to
establish some way to make the configuration available to whatever code
needs it, and move everything over to the new method. I am not sure
what that new method would be.
It is worth saying, I think, that some things just plain don't need to
be global options, and actually become less useful that way.