[Guido]
> Every few months I receive patches that purport to make the tempfile
> module more secure. I've never felt that it is a problem. What is
> with these people?
Doing a google search on
tempfile security
turns up hundreds of rants. Have fun <wink>. There does appear to be a
real vulnerability here somewhere (not necessarily Python), but the closest
I found to a clear explanation in 10 minutes was an annoyed paragraph,
saying that if I didn't already understand the problem I should turn in my
Unix Security Expert badge immediately. Unfortunately, Bill Gates never
issued one of those to me.
> ...
> Is the "random-tempfile" patch that the poster below suggested worth
> applying?
Certainly not the patch he posted! And for reasons I sketched in my
patches-list commentary, I doubt any hack based on pseudo-random numbers
*can* solve anything.
assuming-there's-indeed-something-in-need-of-solving-ly y'rs - tim
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4