Eric Christensen:

Secure coding advice for dealing with temporary files.

Originally posted on Kurt Seifried:

Creating temporary files  is a common use case in virtually every program. Virtually every programming language has a simple and secure way to create temporary files. Sadly many programmers fail to use them, creating security vulnerabilities in their applications. So in alphabetical order here is a list of programming languages and how to create a temporary file securely. If I’m wrong, please let me know. Note: when searching for a secure temporary file creation function/method/etc. looking for “mkstemp” is a quick way to find most of them. Please note a lot of sites (e.g. http://rosettacode.org/wiki/Secure_temporary_file) contain old/wrong information.

O_CREAT and O_EXCL (and similar)

When opening a temporary file in C you MUST use O_CREAT and O_EXCL together to ensure that the file is only created if the file does not exist. Otherwise between the time you check for the existence of a file and the time you create the file…

View original 884 more words

About these ads
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 226 other followers