On Fri, 14 Jan 2005, John Richard Moser wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>
>D. Richard Hipp wrote:
>
>> I don't *think* this is a problem.  But version 3.1 will contain
>> extra security features just to make sure.  In particular, it will
>> initialize the random number generated used to create temp file
>> names from /dev/urandom if available.
>
>If you want to create temporary file names, use mkstemp(3) to create and
>open a file, then close it and open it with sqlite3_open().

$ man mkstemp
 ...
BUGS
 ...
       Don't use this function, use tmpfile(3) instead. It's bet­
       ter defined and more portable.


So long as the file name is unique, I don't think it really matters how it
was generated, so long as it is valid and opened securely.


For non-temporary files (the sort passed into sqlite3_open()) you don't
want a temporary file name. sqlite3_open is used internally to open
temporary files.

If YOU are creating a temporary database, simply use a memory database by
passing ":memory:" as the file name to sqlite3_open.

Christian

-- 
    /"\
    \ /    ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
     X                           - AGAINST MS ATTACHMENTS
    / \

Reply via email to