Except in the case where one line of code creates the temp file and then another immediately uses it and deletes is - as in my case. There is zero chance the user could FUS faster than my 2 lines of code create and delete the file.
Erg ________________________________ From: Graham Lee <graham....@sophos.com> To: Stephen J. Butler <stephen.but...@gmail.com>; Cocoa-Dev List <cocoa-dev@lists.apple.com> Sent: Tuesday, April 28, 2009 9:39:05 AM Subject: Re: C string constant->NSString constant without defining twice? On 28/04/2009 16:51, "Stephen J. Butler" <stephen.but...@gmail.com> wrote: > On Tue, Apr 28, 2009 at 10:18 AM, Erik Buck <erik.b...@sbcglobal.net> wrote: > >> Don't hard code paths! Use NSHomeDirectory() or NSTemporaryDirectory() or >> NSSearchPathForDirectoriesInDomains(). > > Not only that, but hardcoding filenames in tmp directories is > generally considered a security bug. You should be using mktemp or one > of its ilk. Not sure if there's a Cocoa API for that. It's not only a security bug but a buggy bug. If you see what I mean :-). What happens if two users are fast-user-switching on the same box? Both apps are using the same temporary data... Cheers, Graham. -- Graham Lee Senior Mac Software Engineer tel: +44 1235 540266 SOPHOS - simply secure Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom. Company Reg No 2096520. VAT Reg No GB 348 3873 20. _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/erg_consultant%40yahoo.com This email sent to erg_consult...@yahoo.com _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
