On Tue, May 6, 2008 at 4:19 AM, Tristan Seligmann <[EMAIL PROTECTED]> wrote: > * Antoine Pitrou <[EMAIL PROTECTED]> [2008-05-06 10:47:23 +0000]: > > Sorry to revive this thread, but mktemp() is very useful when the file is > meant > > to be created by another application (e.g. launched by subprocess, but it > could > > even be a daemon running under a different user). For example if I have a > > processing chain to converts a PDF to a temporary JPEG using an external > tool > > and then does other things with the JPEG: I don't want Python to actually > > create the file, just to generate an unique filename. > > The correct way to do this is to create a temporary directory, and then > generate a filename underneath that directory to use.
Good catch. The problem with mktemp() is exactly its convenience, which opens it up for well-documented symlink attacks. -- --Guido van Rossum (home page: http://www.python.org/~guido/) _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
