Message 362778 - Python tracker

Message362778

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	wyz23x2
Recipients	ZackerySpytz, wyz23x2
Date	2020-02-27.06:36:28
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1582785388.81.0.167977917758.issue39768@roundup.psfhosted.org>
In-reply-to

Content
Reopen. 1.See https://mail.python.org/pipermail/python-dev/2019-March/156765.html and https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File. It's serious. 2.Why not use this to generate a temporary name that an other program will create/act on? import secrets path = f"{x}{secrets.token_hex(n)}" # n is an large int # x is a path like "/tmp" # do something...

Content

Reopen.
1.See https://mail.python.org/pipermail/python-dev/2019-March/156765.html and https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File. It's *serious*.
2.Why not use this to generate a
temporary name that an other program will create/act on?
import secrets
path = f"{x}{secrets.token_hex(n)}" # n is an large int
                                    # x is a path like "/tmp"
# do something...

History
Date	User	Action	Args
2020-02-27 06:36:28	wyz23x2	set	recipients: + wyz23x2, ZackerySpytz
2020-02-27 06:36:28	wyz23x2	set	messageid: <1582785388.81.0.167977917758.issue39768@roundup.psfhosted.org>
2020-02-27 06:36:28	wyz23x2	link	issue39768 messages
2020-02-27 06:36:28	wyz23x2	create