Why is it a bad idea to write configuration data in code?

Question

Real-life case (from caff) to exemplify the short question subject:

$CONFIG{\'owner\'} = q{Peter Palfrader};
$CONFIG{\'email\'} = q{peter@palfrader.org};
$CO         


        

Answer 1

One major issue with this approach is that your config is not very portable. If a functionally identical tool were built in Java, loading configuration would have to be redone. If both the Perl and the Java variation used a simple key=value layout such as:

owner = "Peter Palfrader"
email = "peter@peter@palfrader.org"
...

they could share the config.

Also, calling eval on the config file seems to open this system up to attack. What could a malicious person add to this config file if they wanted to wreak some havoc? Do you realize that ANY arbitrary code in your config file will be executed?

Another issue is that it's highly counter-intuitive (at least to me). I would expect a config file to be read by some config loader, not executed as a runnable piece of code. This isn't so serious but could confuse new developers who aren't used to it.

Finally, while it's highly unlikely that the implementation of constructs like p{...} will ever change, if they did change, this might fail to continue to function.