How insecure is / replacement for tmpnam?

I considered using tmpnam to set the output file name of a QPrinter. But the Python documentation recommends against using it.

os.tmpnam()

Return a unique path name that is reasonable for creating a temporary file. ... Applications are responsible for properly creating and managing files created using paths returned by tmpnam(); no automatic cleanup is provided.

Warning

Use of tmpnam() is vulnerable to symlink attacks; consider using tmpfile() (section File Object Creation) instead.

Windows: Microsoft’s implementation of tmpnam() always creates a name in the root directory of the current drive, and that’s generally a poor location for a temp file (depending on privileges, you may not even be able to open a file using this name).

  • Is this really insecure if my application doesn't need any special privileges?
  • What are secure alternatives considering that I can only set a path as the output file name of the QPrinter?


Please read http://docs.python.org/library/tempfile.html

Use that instead.


Depending on how your QPrinter deals with a file that already exists, you could use QTemporaryFile to create a file, then close the file and keep the reference to the QTemporaryFile object around until you are done with it. (This will also clean up the file for you when you destroy the object.)
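
An added example, not part of the original answers: when an API only accepts a path and reopens the file by name, one way to apply the tempfile module is to create a private directory with mkdtemp() and choose the file name inside it, so no other local user can plant a file or symlink at that path. The names private_output_path and write_by_path are hypothetical; write_by_path stands in for the QPrinter, and the sample data is constructed.

```python
import os
import stat
import tempfile
from contextlib import contextmanager

SAMPLE = b"%PDF-1.4 constructed sample\n"  # constructed stand-in for printer output


@contextmanager
def private_output_path(filename="printout.pdf"):
    """Yield a path that a path-only API can create and write.

    mkdtemp() creates a fresh directory readable, writable and searchable
    only by the creating user, unlike a name returned by tmpnam() in a
    shared directory, which anyone can occupy before the file is opened.
    """
    workdir = tempfile.mkdtemp(prefix="print-")
    path = os.path.join(workdir, filename)
    try:
        yield path
    finally:
        # Remove the output (if the consumer created it), then the directory.
        if os.path.lexists(path):
            os.unlink(path)
        os.rmdir(workdir)


def write_by_path(path, data):
    """Hypothetical consumer that opens the file by name, as a printer would."""
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    with private_output_path() as path:
        workdir = os.path.dirname(path)
        mode = stat.S_IMODE(os.stat(workdir).st_mode)
        existed_before = os.path.lexists(path)
        # With Qt this is where printer.setOutputFileName(path) would go.
        write_by_path(path, SAMPLE)
        size = os.path.getsize(path)
    return mode, existed_before, size, os.path.exists(workdir)


if __name__ == "__main__":
    print(demo())
```

The permission bits reported by demo() are meaningful on POSIX systems; on Windows the directory is still created under the user's own temp location rather than the drive root.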
