DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24401>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24401 Slight improvement to temporary file creation in servlet.multipart.MultipartParser.java Summary: Slight improvement to temporary file creation in servlet.multipart.MultipartParser.java Product: Cocoon 2 Version: 2.1.2 Platform: Other OS/Version: All Status: NEW Severity: Enhancement Priority: Other Component: core AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The temporary file creation is theoretically raceable, which could be an issue if people are using the directory specified by java.io.tmpdir or other shared temporary directories (which isn't recommended). I'm particually interested in this since the servlet.multipart package is useful to lots of servlets .. not just to cocoon itself. Anyway I've produced a very trivial patch which uses Java's 'createNewFile' method. This is specified to atomically create a new file IFF one doesn't already exist, and so should therefore be safer WRT to races (I suspect it's still raceble on NFS, but ought to be secure on most filesystems).
