Only perl parses perl hash notation?

Eyck has asked for the wisdom of the Perl Monks concerning the following question:

Esteemed seekers of wisdom,

I find perl hash notation very readable, so I tend to use it for config files, the problem is, that then I have to require/use the file ( which is insecure and unelegant ), and I would prefer to parse it, like you normally do with config files.

With some external lib parsing this hash notation it would be also easy to let non-perl based programs read such files..

First phase would be just parsing something like this:

   my $hash={
      'Key1' => "Value1",
      'Key2' => "Value2",
   };
[download]

next levels would handle arrays, comments, etc...

What would be the best way to handle this? (ie without evaling this, possibly with some kind of error reporting )

Has anyone else done anything like this, any big hurdles waiting for soul trying that ( I haven't found any module/lib handling this issue )?

UPDATE D'oh! Of course there is, Storable does exactly that.

Comment on Only perl parses perl hash notation? Select or Download Code

Replies are listed 'Best First'.
Re: Only perl parses perl hash notation? by inman (Curate) on Oct 05, 2004 at 10:30 UTC
Have a look at Storable for a method of persisting and retrieving data structures to file.	[reply]
Re: Only perl parses perl hash notation? by gaal (Parson) on Oct 05, 2004 at 10:29 UTC
This does not answer your question, but may be what you're looking for: YAML.	[reply]
Re^2: Only perl parses perl hash notation? by SpanishInquisition (Pilgrim) on Oct 05, 2004 at 13:00 UTC
YAML is beautiful, I like it a lot and use it often. If you aren't building complicated data structures, you might also be able to get away with some of the INI file type modules, or even (dare I say it) XML::Simple. Personally though, if YAML fits, I use it. I rarely need a config file that is composed of code anymore.	[reply]
Re^2: Only perl parses perl hash notation? by water (Deacon) on Oct 05, 2004 at 17:55 UTC
The monestery almost needs a YAML bot: find any post that matches 'serialize', 'config file', etc. and quickly offer up, 'use YAML'. But seriously, YAML is very slick and easy to use. Yet again, yaml++. water	[reply]
Re: Only perl parses perl hash notation? by Anonymous Monk on Oct 05, 2004 at 12:55 UTC
According to its manual page, Storable uses 'eval' to deserialize the data, so if you think that "use" is insecure, Storable is insecure as well.	[reply]
•Re^2: Only perl parses perl hash notation? by merlyn (Sage) on Oct 05, 2004 at 13:54 UTC
Storable uses `eval` only for code references, and only when so enabled. Please to be not raising non-problem issues. Storable is currently the most efficient and safest way to take an arbitrary data structure including blessed references and serialize it for later thawing. -- Randal L. Schwartz, Perl hacker Be sure to read my standard disclaimer if this is a reply.	[reply]
Re: Only perl parses perl hash notation? by Anonymous Monk on Oct 05, 2004 at 11:57 UTC
What is insecure about using "require/use"? Does that mean you aren't using "use strict" or "use POSIX" either, because it's insecure? What about running your program, how's that more secure than requiring or using another file?	[reply]
Re^2: Only perl parses perl hash notation? by Fletch (Bishop) on Oct 05, 2004 at 12:18 UTC
He controls the source of his program, but perhaps he doesn't have complete control over the contents of the data file. If it's not from a trusted source then running it through `require` would execute any code contained therein and wouldn't be a good idea.	[reply] [d/l]
Re^3: Only perl parses perl hash notation? by SpanishInquisition (Pilgrim) on Oct 05, 2004 at 13:06 UTC
So basically you have a program running with extended privs that can possibly load files from unwanted locations. Sounds like you have issues controlling access to your runtime environment. You have bigger issues. If you are running a perl program as root and are concerned about joe user messing with it, you have a system wide security problem. If you are instead concerned about someone taking your software and shooting themselves in the foot because they wrote some (though not malicious) code in their own config file that accidentally did something stupid, get used to the Unix idiom -- if they shoot themselves in the foot, that's their problem for not reading the directions or playing with something they shouldn't. Meanwhile, clueless users can be defeated with YAML or XML::Simple or INI/Apache style config files.	[reply]
Re^3: Only perl parses perl hash notation? by Anonymous Monk on Oct 05, 2004 at 12:52 UTC
That's a lot of ifs (and still, not more insecure than say, running `perl -MCPAN -e'make "some package"'`). And the OP's first paragraph suggests he's writing the config files himself.	[reply]
Re: Only perl parses perl hash notation? by dave_the_m (Monsignor) on Oct 05, 2004 at 09:43 UTC
And your question is ... ? Dave.	[reply]
Re^2: Only perl parses perl hash notation? by Eyck (Priest) on Oct 05, 2004 at 09:49 UTC
Is there anything else but perl that can parse perl hash notation?	[reply]
Re^3: Only perl parses perl hash notation? by gothic_mallard (Pilgrim) on Oct 05, 2004 at 10:15 UTC
Probably not off the shelf, but I'm sure you could write a little app to parse it using any language that takes your fancy - it's only plain text when it comes down to it after all. --- Jay All code is untested unless otherwise stated.	[reply]
Re^3: Only perl parses perl hash notation? by Anonymous Monk on Oct 05, 2004 at 12:03 UTC
Note that perl is written in C, not Perl. So, it's C parsing Perl hash notation - not Perl. `:-)`	[reply]
Re^4: Only perl parses perl hash notation? by halley (Prior) on Oct 05, 2004 at 13:09 UTC
Re^5: Only perl parses perl hash notation? by BrowserUk (Patriarch) on Oct 05, 2004 at 13:46 UTC
Some notes below your chosen depth have not been shown here
Re^5: Only perl parses perl hash notation? by SpanishInquisition (Pilgrim) on Oct 05, 2004 at 13:53 UTC