SQLite Forum

Can I get the file name of a temporary on-disk database?
Login
"tmpnam()" does *not* provide 256 bits of randomness in its name.  It was
invented long, long ago when AT&T unix had a filename length limit of 14
characters, which limited the amount of randomness that could be applied.
And things like /dev/random had not yet been invented, which means that
you couldn't easily get good randomness to use to invent the name - an
attacker could guess your PRNG seed.  Hence, tmpnam() is considered insecure.

But these days, all filesystems have much longer length limits, and so it is
no problem to create a filename with an absurd amount of randomness taken
from a high-quality source, such as /dev/random.  The resulting filename
is perfectly safe.