Storing these big media files in the homedir is a potential performance problem on systems where the home-dir is mounted over a shared network file-system (as happens on many shared computers at places like universities).
I think /var/tmp is the right place for this. This directory will be served from local storage, and never from a network file-system.
Also, the possibility of an attacker opening the file in the millisecond between the file being created and the file being unlinked is pretty low.
Add to that the fact that the videos you watch in your browser are not something that I would consider critical information (like a password).
If you are that kind of person, it is better that you ensure you are not sharing your computer with anyone when you watch the videos, rather than expecting WebKitGTK+ to do magic tricks to protect your privacy from the other users of your own computer.
So... I'm happy that in the end the simplest approach of storing the file in /var/tmp and unlinking it was committed, and that we didn't end up creating an over-engineered solution to something I don't think is a real problem.
Just my 2 cents.
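
The create-then-unlink approach discussed in this comment, as an added example that is not part of the original comment or of WebKitGTK+'s code. It uses `mkstemp`, which creates the file with mode 0600, so while the name still exists only the owning user (or root) can open it; the `media-XXXXXX` template and the helper names are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* fd: open descriptor or -1; mode: permission bits at creation;
 * nlink: link count after unlink (0 means no name is left on disk). */
struct scratch { int fd; mode_t mode; nlink_t nlink; };

/* Create a file in `dir`, unlink it at once, and report what fstat sees.
 * The "media-XXXXXX" template is an assumption made for this example. */
struct scratch scratch_open(const char *dir)
{
    struct scratch s = { -1, 0, 0 };
    char path[4096];
    struct stat st;
    int n = snprintf(path, sizeof path, "%s/media-XXXXXX", dir);
    if (n < 0 || n >= (int)sizeof path)
        return s;
    /* mkstemp opens with O_CREAT|O_EXCL and mode 0600, so other
     * unprivileged users cannot open the file while its name exists. */
    s.fd = mkstemp(path);
    if (s.fd < 0)
        return s;
    if (fstat(s.fd, &st) == 0)
        s.mode = st.st_mode & 0777;
    /* Remove the name; the data stays reachable through the fd only. */
    if (unlink(path) != 0 || fstat(s.fd, &st) != 0) {
        close(s.fd);
        s.fd = -1;
        return s;
    }
    s.nlink = st.st_nlink;
    return s;
}

/* Write `data` through the descriptor and read it back; 1 on match. */
int scratch_roundtrip(int fd, const char *data)
{
    char buf[256];
    size_t n = strlen(data);
    if (n >= sizeof buf || write(fd, data, n) != (ssize_t)n) return 0;
    if (pread(fd, buf, n, 0) != (ssize_t)n) return 0;
    return memcmp(buf, data, n) == 0;
}

int main(void)
{
    struct scratch s = scratch_open("/var/tmp");
    if (s.fd < 0) { perror("scratch_open"); return 1; }
    printf("mode=%04o nlink=%lu roundtrip=%d\n", (unsigned)s.mode,
           (unsigned long)s.nlink, scratch_roundtrip(s.fd, "constructed sample"));
    close(s.fd);
    return 0;
}
```

The storage is released when the last descriptor is closed, including when the process crashes, so nothing is left behind in /var/tmp.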