==== Strong security controls

Temporary files can be created using unsafe functions and APIs as long as strong
security controls are applied. Non-temporary file-handling functions and APIs
can also be used for that purpose.

In general, applications should ensure that attackers cannot create a file
before the application does. This turns into the following requirements when creating the files:

* Files should be created in a non-public directory.
* File names should be unique.
* File names should be unpredictable. They should be generated using a
cryptographically secure random generator.
* File creation should fail if a target file already exists.

Moreover, when possible, it is recommended that applications destroy temporary
files after they have finished using them.
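
The following Python sketch applies the four requirements above, plus cleanup, using a general-purpose file API. It is an added example, not part of the original rule text; the function names `make_private_dir`, `create_exclusive` and `scratch_file` are hypothetical, and POSIX permission semantics are assumed.

```python
import os
import secrets
import shutil
import tempfile
from contextlib import contextmanager


def make_private_dir(parent=None):
    """Create a non-public directory: mkdtemp uses mode 0700 and a random name."""
    return tempfile.mkdtemp(prefix="app-", dir=parent)


def create_exclusive(directory, name=None):
    """Create a new file in `directory`; fail if the name already exists."""
    if name is None:
        # 128 bits from the OS CSPRNG: unique and unpredictable.
        name = secrets.token_hex(16) + ".tmp"
    path = os.path.join(directory, name)
    # O_CREAT together with O_EXCL makes creation atomic. If a file, or a
    # symlink planted at this path, already exists, open() fails with
    # EEXIST (FileExistsError) instead of opening the existing target.
    fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    return fd, path


@contextmanager
def scratch_file(parent=None):
    """Yield (file object, path); destroy the file and its directory afterwards."""
    directory = make_private_dir(parent)
    try:
        fd, path = create_exclusive(directory)
        with os.fdopen(fd, "wb") as handle:
            yield handle, path
    finally:
        # Remove the temporary data even if the caller raised.
        shutil.rmtree(directory, ignore_errors=True)
```
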