Question on os.tempnam() vulnerability

Fredrik Lundh fredrik at pythonware.com
Sat Jan 5 12:07:31 EST 2008


Grant Edwards wrote:

>> IOW, it's the same approach as on Unix.
> 
> Not really.  Under Unix you can safely create a temp file with
> a name that can be used to open the file.

Unless I'm missing something, it's not possible to do this in a safe
way in the shared temp directory; you can do that only by creating a 
file in a directory that's under full control of your user.

And *that* approach works on Windows as well, of course.

</F>
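The approach described in the message above, a file created inside a directory that only the current user controls, as an added example that is not part of the original post. It relies on `tempfile.mkdtemp()`; the helper names `make_private_dir`, `create_named_file` and `demo`, and the sample file name and data, are hypothetical.

```python
import os
import shutil
import stat
import tempfile


def make_private_dir(prefix="app-"):
    """Create a directory only the current user can enter (mode 0700 on POSIX)."""
    path = tempfile.mkdtemp(prefix=prefix)
    if os.name == "posix":
        st = os.lstat(path)
        # Refuse to continue if the directory is not ours or is open to others.
        if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid():
            raise RuntimeError("unexpected owner or type for %s" % path)
        if stat.S_IMODE(st.st_mode) & 0o077:
            raise RuntimeError("directory %s is accessible to other users" % path)
    return path


def create_named_file(directory, name, data):
    """Create directory/name exclusively; return a path that can be reopened."""
    if os.path.basename(name) != name or name in ("", ".", ".."):
        raise ValueError("name must be a plain file name")
    path = os.path.join(directory, name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # FileExistsError if the name already exists
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return path


def demo():
    workdir = make_private_dir()
    try:
        # Constructed sample file name and contents.
        path = create_named_file(workdir, "report.tmp", b"constructed sample data\n")
        with open(path, "rb") as handle:  # other users cannot replace this name
            content = handle.read()
        try:
            create_named_file(workdir, "report.tmp", b"x")
            second_create_refused = False
        except FileExistsError:
            second_create_refused = True
        return content, second_create_refused, stat.S_IMODE(os.stat(workdir).st_mode)
    finally:
        shutil.rmtree(workdir)
```

The ownership and mode checks apply on POSIX only; on Windows the directory's protection comes from the ACL of the user's own temp location, which this sketch does not inspect.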



