20. Handling Configuration Files Safely

Configuration files often contain sensitive data. Validate structure and avoid unsafe parsers.

Insecure Example

import yaml
config = yaml.load(open("config.yaml"))  # Unsafe loader!

Secure Example

import yaml
with open("config.yaml", "r", encoding="utf-8") as f:
    config = yaml.safe_load(f)

✅ Lesson: Always use safe loaders (e.g., yaml.safe_load, json.load) to avoid arbitrary code execution.