On Thu, 18 Feb 2010 21:34:58 -0800, Dennis Lee Bieber wrote: > On Thu, 18 Feb 2010 15:09:28 -0500, pyt...@bdurham.com declaimed the > following in gmane.comp.python.general: > >> 2. As soon as my process terminates (voluntarily or involuntarily), the >> temp file gets deleted. >> > Which only means the directory entry for it is lost... depending on > the OS, someone creating a new file in "w+" and performing a long seek > just to write one byte, may now have all those disk sectors your temp > file had been in -- and can read them at leisure. > > Or some file recovery tools might make a file out of the sectors... > > If you are really worried about the contents becoming visible after > "deletion" you should probably run a wipe operation on the file (write > random sequence over data; read/verify said random sequence; write new > random sequence over file; read/verify this sequence; write 1s > complement of sequence; read/verify that final sequence).
If that is your concern, then you shouldn't be using tempfile, you should be using permanent files and wiping them yourself. I think the OP is more concerned about the sort of security flaw where you open a temporary file, and some hostile process hijacks it before you're done with it. But once you're done with the file, you probably no longer care about the contents. -- Steven -- http://mail.python.org/mailman/listinfo/python-list
