[Python-Dev] Remove tempfile.mktemp()

Victor Stinner vstinner at redhat.com
Tue Mar 19 09:53:25 EDT 2019


Hi,

I would prefer to keep tempfile.mktemp(), remove the deprecation, but better explain the risk of a race condition affecting security.

On Tue, Mar 19, 2019 at 14:41, Chris Angelico <rosuav at gmail.com> wrote:

> Can't you create a NamedTemporaryFile and permit the other program to use it? I just tried that (with TiMidity, even though it's quite capable of just writing to stdout) and it worked fine.

When I write tests, I don't really care about security, but NamedTemporaryFile caused me a lot of trouble on Windows: you cannot delete a file if it's still open in another program. It's way more convenient to use tempfile.mktemp().

O_EXCL, open(tmpname, "wx"), os.open(tmpname, os.O_CREAT | os.O_EXCL | os.O_WRONLY), etc. can be used to get an error if the file already exists.

I agree that for production code where security matters, tempfile.mktemp() must be avoided. But I would prefer to keep it for tests.

"with NamedTemporaryFile() as tmp: name = tmp.name" isn't a great replacement for tempfile.mktemp(): it creates the file and it opens it, whereas I only want a file name and to be the first to create and open it.

Victor
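
Added example, not part of the original message: a sketch of pairing a tempfile.mktemp() name with an O_EXCL create, so that a name claimed by someone else between the two calls produces FileExistsError and a retry instead of a write into their file. The function names are hypothetical, the "planted" file is a constructed stand-in for another process, and in Python 3 the built-in open() spells exclusive creation as mode "x".

```python
import os
import tempfile


def create_exclusive(path, mode=0o600):
    """Create path only if nothing exists there; return a binary file object.

    O_CREAT | O_EXCL makes the existence check and the creation one atomic
    step, so a file (or symlink) already sitting at the name raises
    FileExistsError instead of being opened and written through.
    """
    flags = os.O_CREAT | os.O_EXCL | os.O_WRONLY
    flags |= getattr(os, "O_BINARY", 0)  # only defined on Windows
    fd = os.open(path, flags, mode)
    return os.fdopen(fd, "wb")


def named_temp_for_handoff(attempts=100, **mktemp_kwargs):
    """Pick a mktemp() name and claim it exclusively, retrying on collision.

    Returns (path, file). The caller closes the file and can then hand the
    path to another program; nothing deletes it automatically.
    """
    for _ in range(attempts):
        path = tempfile.mktemp(**mktemp_kwargs)
        try:
            return path, create_exclusive(path)
        except FileExistsError:
            continue  # the name was claimed first; ask for another one
    raise FileExistsError("no unused temporary name found")


def demo():
    """Constructed scenario: the name is claimed between mktemp() and open."""
    path = tempfile.mktemp(suffix=".race-demo")
    with open(path, "w") as other:  # stands in for the other process
        other.write("planted")
    try:
        create_exclusive(path).close()
        refused = False
    except FileExistsError:
        refused = True
    with open(path) as f:
        untouched = f.read() == "planted"
    os.remove(path)
    return refused, untouched  # -> (True, True)


if __name__ == "__main__":
    print(demo())
```

tempfile.mkstemp() applies the same exclusive-create-and-retry pattern and returns an open descriptor together with the path.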


