[EMAIL PROTECTED] wrote: > Does any one know what kind of security risk these message are > suggesting? > >>>> f = os.tempnam() > __main__:1: RuntimeWarning: tempnam is a potential security risk to > your program >>>> f > '/tmp/filed4cJNX' > >>>> g = os.tmpnam() > __main__:1: RuntimeWarning: tmpnam is a potential security risk to > your program >>>> g > '/tmp/fileENAuNw'
you get a name instead of a file, so someone else can create that file after you've called tempnam/tmpnam, but before you've actually gotten around to create the file yourself. which means that anyone on the machine might be able to mess with your application's data. use the functions marked as "safe" in the tempfile module instead. </F> -- http://mail.python.org/mailman/listinfo/python-list
