On Tue, Feb 23, 2016 at 5:17 AM, Jon Ribbens
<jon+use...@unequivocal.co.uk> wrote:
> On 2016-02-22, Ethan Furman <et...@stoneleaf.us> wrote:
>> On 02/14/2016 04:08 PM, Ben Finney wrote:
>>> I am unconcerned with whether there is a real filesystem entry of that
>>> name; the goal entails having no filesystem activity for this. I want a
>>> valid unique filesystem path, without touching the filesystem.
>>
>> This is impossible. If you don't touch the file system you have no way
>> to know if the path is unique.
>
> Weeeeeell, I have a lot of sympathy for that point, but on the other
> hand the whole concept of UUIDs ("import uuid") is predicated on the
> opposite assumption.
Not quite opposite. Ethan is asserting that you cannot be *certain*
without actually checking the FS; the point of UUIDs is that you can
be fairly *confident* that there won't be a collision. There is a
nonzero probability of accidental collisions, and if an attacker is
deliberately trying to _force_ a collision, it's most definitely
possible. So both views are correct.
ChrisA
--
https://mail.python.org/mailman/listinfo/python-list
