RE: [Nolug] Perl Question

From: John Souvestre <johns_at_sstar.com>
Date: Fri, 1 Jun 2007 10:41:54 -0500
Message-ID: <006401c7a463$615c6070$0a01010a@JohnS>

Hi Ray.

Yes, thanks. I have to wonder why the author didn't do that to start with.

John

    John Souvestre - Southern Star - (504) 888-3348 - www.sstar.com

-----Original Message-----
From: owner-nolug@redfishnetworks.com [mailto:owner-nolug@redfishnetworks.com]
On Behalf Of -ray
Sent: Friday, June 01, 2007 10:34 AM
To: nolug@nolug.org
Subject: Re: [Nolug] Perl Question

If we want to get really technical, there exists a race condition between
the time you generate the filename and the time you actually open the
file. Ie, the file didnt exist when you generated the filename, but
exists when you get around to opening the file. This could be *very* bad.

To protect against this, use File::Temp. The tempfile() function returns
a temp filename and the filehandle at the same time, so you're better
assured that no other process (malicious or not) steals your filename
before you have a chance to open it.

ray

On Fri, 1 Jun 2007, B. Estrade wrote:

> I do not know how you are initializing things, but you should give
> your script a fighting chance of getting a unique file name on the
> first or second try.
>
> Initialize the name with an MD5 hash (Digest::MD5) of the { unix time
> (Time::Local) appended with a single rand(255) } ... Both modules are
> included as "core" modules by default. I'd also put that in the "do"
> block using the first construct below.
>
> Lastly, if using srand to salt the rand number generator, call it no
> more than once per script - especially not without a unique argument
> each time. See http://perldoc.perl.org/functions/srand.html .
>
> Cheers.
___________________
Nolug mailing list
nolug@nolug.org

___________________
Nolug mailing list
nolug@nolug.org
Received on 06/01/07

This archive was generated by hypermail 2.2.0 : 12/19/08 EST