{"id":44053,"date":"2014-09-17T07:00:00","date_gmt":"2014-09-17T07:00:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2014\/09\/17\/poor-mans-comments-inserting-text-that-has-no-effect-into-a-configuration-file\/"},"modified":"2014-09-17T07:00:00","modified_gmt":"2014-09-17T07:00:00","slug":"poor-mans-comments-inserting-text-that-has-no-effect-into-a-configuration-file","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20140917-00\/?p=44053","title":{"rendered":"Poor man&#039;s comments: Inserting text that has no effect into a configuration file"},"content":{"rendered":"<p>\nConsider a program which has a configuration file,\nbut the configuration file format does not have provisions for comments.\nMaybe the program has a &#8220;list of authorized users&#8221;, where each line\ntakes the form\n<code>allow x<\/code> or <code>deny x<\/code>,\nwhere <code>x<\/code> is a group or user.\nFor example, suppose we have <code>access_list<\/code> that goes like this:\n<\/p>\n<pre>\nallow payroll_department\ndeny alice\nallow personnel_department\nallow bob\n<\/pre>\n<p>\nThis is the sort of file that can really use comments\nbecause people are going to want to know things like\n&#8220;Why does Bob have access?&#8221;\n<\/p>\n<p>\nOne way of doing this is to embed the comments in the configuration\nfile in a way that has no net effect.\nYou can do this to add separator lines, too.\n<\/p>\n<pre>\ndeny !____________________________________________________________\nallow payroll_department\ndeny !alice_is_an_intern_and_does_not_need_access_to_this_database\ndeny alice\ndeny !____________________________________________________________\nallow personnel_department\ndeny !____________________________________________________________\ndeny !temporary_access_for_auditor\ndeny !see_service_request_31415\ndeny !access_expires_on_2001_12_31\nallow bob\n<\/pre>\n<p>\nAssuming that you don&#8217;t have any users whose names begin with\nan exclamation point,\nthe extra <code>deny !...<\/code> lines have no effect:\nThey tell the system to deny access to a nonexistent user.\n<\/p>\n<p>\nSometimes finding the format of a line that has no effect can take some\ncreativity.\nFor example, if you have a firewall configuration file,\nyou might use URLs that correspond to no valid site.\n<\/p>\n<pre>\nallow nobody http:\/\/example.com\/PAYROLL_DEPARTMENT\/--------------------\nallow alice http:\/\/contoso.com\/payroll\/\nallow nobody http:\/\/example.com\/PURCHASING_DEPARTMENT\/-----------------\nallow bob http:\/\/contoso.com\/purchasing\/\nallow nobody http:\/\/example.com\/SPECIAL_REQUEST\/-----------------------\nallow ceo https:\/\/www.youtube.com\/\n<\/pre>\n<p>\nOf course, these extra lines create work for the program,\nsince it will sit there evaluating rules that will never apply.\nYou may have to craft them in a way so that they have minimum cost.\nIn the example above,\nwe assigned the comments to a user called\n<code>nobody<\/code> which presumably will never try to access the Internet.\nWe definitely didn&#8217;t want to write the comment like\n<\/p>\n<pre>\nallow * http:\/\/example.com\/PAYROLL_DEPARTMENT\/-------------------------\n<\/pre>\n<p>\nbecause that would evaluate the dummy rule for every user.\n<\/p>\n<p>\nIf you are willing to add a layer of process,\nyou can tell everybody to stop editing the configuration files directly\nand instead edit an alternate file that gets preprocessed into a\nconfiguration file.\nFor example, we might have\n<code>access_list.commented<\/code> that goes\n<\/p>\n<pre>\n\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\nallow payroll_deparment\ndeny alice \/\/ payroll intern does not need access to this database.\n\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\nallow personnel_department\n\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\nallow bob \/\/ Temporary access for auditor, see SR 31415. Expires 2001\/12\/31.\n<\/pre>\n<p>\nEverybody agrees to edit the <code>access_list.commented<\/code> file,\nand after each edit they run a script that sends the file through\nthe C++ preprocessor and puts the result in the\n<code>access_list<\/code> file.\nBy using the C++ preprocessor, you enable features like\n<code>#include<\/code> directives and\n<code>#define<\/code> macros.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Consider a program which has a configuration file, but the configuration file format does not have provisions for comments. Maybe the program has a &#8220;list of authorized users&#8221;, where each line takes the form allow x or deny x, where x is a group or user. For example, suppose we have access_list that goes like [&hellip;]<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[26],"class_list":["post-44053","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-other"],"acf":[],"blog_post_summary":"<p>Consider a program which has a configuration file, but the configuration file format does not have provisions for comments. Maybe the program has a &#8220;list of authorized users&#8221;, where each line takes the form allow x or deny x, where x is a group or user. For example, suppose we have access_list that goes like [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/44053","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=44053"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/44053\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=44053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=44053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=44053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}