[Python-Dev] Warn about mktemp once again?

Antoine Pitrou solipsis at pitrou.net
Tue May 6 12:47:23 CEST 2008


<skip <at> pobox.com> writes:
> 
> Back in r29829, Guido commented out the security hole warning for
> tempfile.mktemp:
> 
[...]
> 
>     Comment out the warnings about mktemp().  These are too annoying, and
>     often unavoidable.
> 
> Any thought about whether this warning should be restored?  We're 5+ years
> later.  Hopefully many uses of mktemp have been removed.  If we're not going
> to restore the warning perhaps the commented code should just be deleted.

Sorry to revive this thread, but mktemp() is very useful when the file is meant
to be created by another application (e.g. launched by subprocess, but it could
even be a daemon running under a different user). For example if I have a
processing chain that converts a PDF to a temporary JPEG using an external tool
and then does other things with the JPEG: I don't want Python to actually
create the file, just to generate a unique filename.

Of course one can use NamedTemporaryFile, retrieve the name, close the file
handle and then pass the name to the other application. But it's a useless
complication compared to the simplicity of writing
"my_filename = tempfile.mktemp()"
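
Added example, not part of the original message or of the tempfile module's own code: one way to hand an external tool a fresh output path without the mktemp() race is to create a private directory with tempfile.mkdtemp() and let the tool create the file inside it. The converter here is a constructed stand-in (a child Python process), the names `convert_in_private_dir`, `FAKE_CONVERTER` and `demo` are hypothetical, and the tool is assumed to run as the same user.

```python
import os
import shutil
import stat
import subprocess
import sys
import tempfile

# Stand-in for the external converter (constructed for this example): a child
# Python process that creates the output file itself, refusing to follow or
# overwrite anything already at that path (O_EXCL).
FAKE_CONVERTER = (
    "import os, sys\n"
    "fd = os.open(sys.argv[1], os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)\n"
    "os.write(fd, b'\\xff\\xd8\\xff\\xe0 constructed sample bytes')\n"
    "os.close(fd)\n"
)


def convert_in_private_dir(converter_argv, out_name="page.jpg"):
    """Run the tool so it creates out_name in a directory only we can access."""
    # mkdtemp() creates the directory atomically with mode 0700, so no other
    # local user can pre-create or symlink a file at out_path.
    workdir = tempfile.mkdtemp(prefix="convert-")
    out_path = os.path.join(workdir, out_name)
    try:
        subprocess.run(converter_argv + [out_path], check=True, timeout=30)
        # lstat() does not follow symlinks: confirm a regular file was produced.
        st = os.lstat(out_path)
        if not stat.S_ISREG(st.st_mode):
            raise RuntimeError("converter output is not a regular file")
    except Exception:
        shutil.rmtree(workdir, ignore_errors=True)
        raise
    return workdir, out_path  # caller removes workdir when done


def demo():
    workdir, out_path = convert_in_private_dir([sys.executable, "-c", FAKE_CONVERTER])
    try:
        with open(out_path, "rb") as f:
            header = f.read(3)
        mode = stat.S_IMODE(os.stat(workdir).st_mode)
        return header, mode
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The 0700 directory does not cover the case of a daemon running under a different user, which needs a directory whose ownership and permissions are arranged for that user.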
