On Tuesday, 17 January 2023 at 23:12:26 UTC, H. S. Teoh wrote:
On Sun, Jan 15, 2023 at 01:53:51PM +0000, Dmytro Katyukha via
Digitalmars-d-announce wrote: [...]
[...]
Yes it would be nice. But there may be security implications.
For Posix, I see you use mkdtemp, which is secured by the OS /
libc implementor. But for non-Posix, you used std.random; this
is insecure because std.random is not intended for
cryptographic applications, and anything not designed for
crytographic security is vulnerable to exploits. Also, you
need to be careful with the default permissions with the temp
directory is created; leaving it up to whatever's set in the
user's environment is generally unwise.
[...]
Hi,
Thank you for your feedback)
