Movatterモバイル変換

[Python-Dev] Remove tempfile.mktemp()

• Previous message (by thread):[Python-Dev] Remove tempfile.mktemp()
• Next message (by thread):[Python-Dev] Remove tempfile.mktemp()
• Messages sorted by:[ date ][ thread ][ subject ][ author ]

On 3/20/19, Greg Ewing <greg.ewing at canterbury.ac.nz> wrote:> Antoine Pitrou wrote:>>> How is it more secure than using mktemp()?>> It's not, but it solves the problem someone suggested of another> program not being able to access and/or delete the file.NamedTemporaryFile(delete=False) is more secure than naive use ofmktemp(). The file is created exclusively (O_EXCL). Another standarduser can't overwrite it. Nor can another standard user delete it ifit's created in the default temp directory (e.g. POSIX "/tmp" has thesticky bit set). mkstemp() is similar but lacks the convenience andreliable resource management of a Python file wrapper.There's still the problem of accidental name collisions with otherprocesses that can access the file, i.e. processes running as the sameuser or, in POSIX, processes running as the super user. I saw asuggestion in this thread to increase the length of the randomsequence from 8 characters up to 22 characters in order to make thisproblem extremely improbable.

• Previous message (by thread):[Python-Dev] Remove tempfile.mktemp()
• Next message (by thread):[Python-Dev] Remove tempfile.mktemp()
• Messages sorted by:[ date ][ thread ][ subject ][ author ]