On Jan 4, 12:09 pm, Fredrik Lundh <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote: > > Does any one know what kind of security risk these message are > > suggesting? > > >>>> f = os.tempnam() > > __main__:1: RuntimeWarning: tempnam is a potential security risk to > > your program > >>>> f > > '/tmp/filed4cJNX' > > >>>> g = os.tmpnam() > > __main__:1: RuntimeWarning: tmpnam is a potential security risk to > > your program > >>>> g > > '/tmp/fileENAuNw' > > you get a name instead of a file, so someone else can create that file > after you've called tempnam/tmpnam, but before you've actually gotten > around to create the file yourself. which means that anyone on the > machine might be able to mess with your application's data. > > use the functions marked as "safe" in the tempfile module instead. > > </F>
Thanks Fredrik, for the clear explanation!!! ~cw -- http://mail.python.org/mailman/listinfo/python-list
