add example for not using access

Benjamin Peterson 2011-05-20 11:41:13 -05:00
parent 52f63eabeb
commit 30e10d8114
1 changed files with 20 additions and 1 deletions

@ -916,7 +916,26 @@ Files and Directories
Using :func:`access` to check if a user is authorized to e.g. open a file
before actually doing so using :func:`open` creates a security hole,
because the user might exploit the short time interval between checking
and opening the file to manipulate it.
and opening the file to manipulate it. It's preferable to use :term:`EAFP`
techniques. For example::
if os.access("myfile", os.R_OK):
with open("myfile") as fp:
return fp.read()
return "some default data"
is better written as::
try:
fp = open("myfile")
except OSError as e:
if e.errno == errno.EACCESS:
return "some default data"
# Not a permission error.
raise
else:
with fp:
return fp.read()
.. note::
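Review bot: In the `except OSError as e:` branch of the rewritten example, `errno.EACCESS` is misspelled; the constant in the errno module is `errno.EACCES`. As written, any failure of `open("myfile")` would hit an AttributeError while evaluating that comparison, so neither the `return "some default data"` path nor the bare `raise` is ever reached, and the example fails in exactly the case it is meant to illustrate. Suggest changing the line to `if e.errno == errno.EACCES:` and showing `import errno` alongside the snippet, since the `os.access` version it replaces needed only `os`.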