Jeff wrote:
> Brad,
>
> I thought you might find this helpful:
>
> ----------------------
> Temporary (tmp) files
>
> Most programs need to create temporary files, and this can be done perfectly
> safely if a little care and attention is taken. The first thing a program
> should do is honor the "TMP_DIR" environment variable. This allows users to
> create a ~/tmp_dir directory (or similar) which can be much more protected
> than the world accessible /tmp directory.

Okay, so we should stick our temp directory in a protected/non-accessible
location. I think this should be defined in the config file.

> Also if you must create temp files give
> them truly random names. Using the process PID or time of day, or other
> variables which should not "collide" will not prevent malicious users from
> creating many tempfiles in the hopes your program will open one and overwrite
> it.

Okay, this is something I'm definitely not doing. The temp files describing a
front end are very structured (purposely, to make it easier to read and debug
and to make the representation of the workspace make sense). I don't think it
would be that hard to start making them random names, we could just define a
dictionary that maps random numbers to actual names:

  save_file[234A58B67] = 'workspace1/workspace2/viewer3.xml'

or something like this. But I don't really understand the security argument
here. Why should it matter to have random versus ordered names?

> Also make sure that the file doesn't exist before creating it,

Right now the way it creates directories and files, files will never be
written over the top of each other. Do you think this article implies I should
change things about the current storage to make it safer, or am I doing things
right? I'm not positive about the random file stuff.

Brad
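The three rules quoted above (honor the temp-dir environment variable, use unpredictable names, refuse to reuse an existing entry) are a single defence against one attack: an attacker who can write to the temp directory plants an entry at the name your program is going to use, typically a symlink to a file they want overwritten, and waits for the program to open it. A PID- or time-derived name tells the attacker what to plant; a name drawn from a CSPRNG does not. A separate "does it exist?" check followed by a create still leaves a window the attacker can race, so the atomic form of the third rule is `O_CREAT|O_EXCL`, which makes the kernel refuse any pre-existing entry, symlink included. The following example, added here and not code from the article or from Brad's project, runs the attack against both schemes inside a throwaway directory. It assumes a POSIX system (symlinks, `os.open` flags); the file names, the guessed PID and the file contents are constructed for the demonstration.

```python
import os
import secrets
import tempfile


def predictable_path(tmpdir, pid):
    """The naming scheme the article warns against: a name anyone can derive
    from the PID (a time-of-day or sequential suffix is no better)."""
    return os.path.join(tmpdir, f"app.{pid}")


def naive_write(path, data):
    """Open-for-write without O_EXCL.  If an attacker pre-created `path` as a
    symlink, this follows the link and truncates whatever it points at."""
    with open(path, "w") as f:
        f.write(data)


def open_exclusive(path):
    """Atomically create `path` or fail.  O_EXCL makes the kernel refuse if any
    entry (file, symlink, anything) already exists, so there is no window
    between an "exists?" check and the create.  Mode 0o600 keeps others out."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)


def create_random_tempfile(tmpdir=None, prefix="app."):
    """Random name from a CSPRNG plus exclusive create.  A pre-planted entry
    cannot match the name, and a genuine collision just triggers another draw."""
    if tmpdir is None:
        tmpdir = tempfile.gettempdir()  # honors TMPDIR/TEMP/TMP, the article's TMP_DIR idea
    for _ in range(100):
        path = os.path.join(tmpdir, prefix + secrets.token_hex(16))
        try:
            return open_exclusive(path), path
        except FileExistsError:
            continue
    raise RuntimeError("could not find an unused temp file name")


def demo():
    """Run the attack against both schemes inside a throwaway sandbox dir.
    Returns a dict of observations rather than printing them."""
    out = {}
    with tempfile.TemporaryDirectory() as sandbox:
        victim = os.path.join(sandbox, "victim.txt")  # constructed: file the attacker wants clobbered
        with open(victim, "w") as f:
            f.write("original")

        guessed_pid = 4242                             # constructed: attacker predicted the PID
        planted = predictable_path(sandbox, guessed_pid)
        os.symlink(victim, planted)                    # attacker's move, ahead of the program

        naive_write(planted, "clobbered")              # predictable name + plain open()
        with open(victim) as f:
            out["victim_after_naive"] = f.read()       # "clobbered": the link was followed

        with open(victim, "w") as f:                   # reset for the second run
            f.write("original")
        try:
            os.close(open_exclusive(planted))
            out["exclusive_refused"] = False
        except OSError:                                # EEXIST: planted entry rejected
            out["exclusive_refused"] = True
        with open(victim) as f:
            out["victim_after_exclusive"] = f.read()   # still "original"

        fd, path = create_random_tempfile(sandbox)
        os.write(fd, b"private data")
        os.close(fd)
        out["random_name_len"] = len(os.path.basename(path))   # "app." + 32 hex chars
        out["random_file_mode"] = os.stat(path).st_mode & 0o777
        os.unlink(path)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In practice `tempfile.mkstemp()` and `tempfile.NamedTemporaryFile()` already do what `create_random_tempfile` does (random name, exclusive create, mode 0600, directory taken from the environment), so the hand-rolled version above is only there to make the mechanism visible. Note that a lookup table mapping random numbers to structured names only helps if the random value is what actually appears on disk; a structured, predictable path with a random table key behind it is still a predictable path.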