Mike Meyer wrote:
> "guy lateur" <[EMAIL PROTECTED]> writes:
>
>
>>>>Also note that this method of creating tempfiles is technically unsafe,
>>>>as it is theoretically possible that another process would create a file
>>>>of the same name in the same directory and then try to use it, resulting
>>>>in a race condition between the two processes. This is practically
>>>>unlikely, however, and I'm a pragmatist.
>>
>>I see what you mean, but wouldn't a call to open(fn, 'w') on a filename
>>that's in use (for reading or writing) result in an error condition or
>>something? I'm a noob, btw.
>
>
> Not necessarily - it depends on the OS. Unix is quite happy to let
> multiple processes read/write a file at the same time.
>
> FWIW, this also means that the methodology as outlined is
> insecure. Some other program can read the temporary file as it exists
> on the disk, thus disclosing it's contents to unauthorized readers.
Right. So we are all adults here and if that matters to your application
you've got to find a different way, perhaps by using
tmpFile = tempfile.NamedTemporaryFile()
instead of
tmpFile = tempfile.mktemp()
and
os.spawnlp(os.P_WAIT, "winword.exe", "winword.exe", tmpFile.name)
instead of
os.system("winword.exe %s" % tmpFile)
but I don't think all (if any) versions of Windows can handle opening
that file while we are holding it open already. And I guess it still
doesn't make it secure because the file exists on disk and can be read.
So I stand by my prior, simpler solution, that will work portably and
reliably for all practical purposes, purposeful maliciousness excepted.
If you are worried about security, you would't be saving the file to the
temp directory in plain text anyway.
If there is a portable, reliable, secure, and simple solution that I've
overlooked, however, I'm all ears. :)
Now, if the OP's requirement is specifically for winword on Windows, a
more specific approach could be used that doesn't involve saving any
temporary files at all, such as by using COM automation to build the
document. But I hate nonportable solutions! :)
--
Paul McNett
http://paulmcnett.com
--
http://mail.python.org/mailman/listinfo/python-list
