On Mar 12, 2009, at 3:15 PM, Martin v. Löwis wrote:
You still wouldn't use the tempfile module in that case. Instead, you
would create a regular file, with the name base on the name of the
important file.
If the file is *really* important, you actually want to use a
temporary, randomly chosen, *unpredictable* name.
Think about the security implications of a file name that is in
advance known to an attacker as well as the fact that the said file
will replace an *important* system file.
See the details in any man page on mkstemp() and why it was introduced
to replace a predictable mktemp(). Also notice that even mktemp() is
better then what you proposed above.
Of course, the above are C functions. I don't think that Python
programming is immune from such security considerations either.
Zvezdan
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
