Skip to main content

Insecure Temporary Files


Securely store sensitive information


  • Usage of Elixir (1.11 and above) for building scalable and fault-tolerant applications
  • Usage of Phoenix Framework (1.5+) for building web applications


Non compliant code

defmodule TempFilesController do
use MyAppWeb, :controller
def write(conn, %{'data' => data}) do
File.write!('/tmp/temp_file', data)
send_resp(conn, 200, "Data written to temporary file.")

The above code is vulnerable because it writes sensitive information to a temporary file '/tmp/temp_file'. This file is accessible to all other users on the system, and can also be read by any other processes. This exposes the sensitive information to potential unauthorized access and theft.


  • Avoid saving sensitive information in temporary files.
  • Encrypt sensitive data before saving.
  • Ensure temporary files are securely deleted after use.

Compliant code

defmodule SecureStorageController do
use MyAppWeb, :controller
def write(conn, %{'data' => data}) do
encrypted_data = Encryption.encrypt(data)
{:ok, _} = SecureStorage.put(encrypted_data)
send_resp(conn, 200, "Data securely stored.")

In the secure code example, the sensitive data is first encrypted before being stored, ensuring that even if unauthorized access were to occur, the data would be unreadable without the decryption key. The 'SecureStorage' is a hypothetical secure storage system that should be substituted with an actual secure data storage system in your application.