How secure are temp files created via tempfile.TemporaryFile()?

Steven D'Aprano steve at
Fri Feb 19 06:52:03 CET 2010

On Thu, 18 Feb 2010 21:34:58 -0800, Dennis Lee Bieber wrote:

> On Thu, 18 Feb 2010 15:09:28 -0500, python at declaimed the
> following in gmane.comp.python.general:
>> 2. As soon as my process terminates (voluntarily or involuntarily), the
>> temp file gets deleted.
> 	Which only means the directory entry for it is lost... depending 
> the OS, someone creating a new file in "w+" and performing a long seek
> just to write one byte, may now have all those disk sectors your temp
> file had been in -- and can read them at leisure.
> 	Or some file recovery tools might make a file out of the 
> 	If you are really worried about the contents becoming visible 
> "deletion" you should probably run a wipe operation on the file (write
> random sequence over data; read/verify said random sequence; write new
> random sequence over file; read/verify this sequence; write 1s
> complement of sequence; read/verify that final sequence).

If that is your concern, then you shouldn't be using tempfile, you should 
be using permanent files and wiping them yourself.

I think the OP is more concerned about the sort of security flaw where 
you open a temporary file, and some hostile process hijacks it before 
you're done with it. But once you're done with the file, you probably no 
longer care about the contents.


More information about the Python-list mailing list