Message389394
> A secure `mktemp` could be as simple as ...
Though in practice, I'd rather be inclined to make the change in `tempfile._RandomNameSequence`, so as to get the same behavior across the entire module, instead of special-casing `mktemp`. As Guido van Rossum points out (see <https://mail.python.org/pipermail/python-dev/2019-March/156746.html>), that would improve the security of all the names generated by the `tempfile` module, not just `mktemp`:
> Hm, the random sequence (implemented in tempfile._RandomNameSequence) is
> currently derived from the random module, which is not cryptographically
> secure. Maybe all we need to do is replace its source of randomness with
> one derived from the secrets module. That seems a one-line change. |
|
Date |
User |
Action |
Args |
2021-03-23 15:41:03 | dlukes | set | recipients:
+ dlukes |
2021-03-23 15:41:03 | dlukes | set | messageid: <1616514063.52.0.708008091286.issue43604@roundup.psfhosted.org> |
2021-03-23 15:41:03 | dlukes | link | issue43604 messages |
2021-03-23 15:41:03 | dlukes | create | |
|