diff -ur CGI-Session-4.07.orig/lib/CGI/Session/Driver/db_file.pm CGI-Session-4.07/lib/CGI/Session/Driver/db_file.pm
--- CGI-Session-4.07.orig/lib/CGI/Session/Driver/db_file.pm	2006-03-09 13:02:19.000000000 +0100
+++ CGI-Session-4.07/lib/CGI/Session/Driver/db_file.pm	2006-03-15 12:06:15.000000000 +0100
@@ -21,7 +21,7 @@
 
     $self->{FileName}  ||= $CGI::Session::Driver::db_file::FILE_NAME;
     unless ( $self->{Directory} ) {
-        $self->{Directory} = dirname( $self->{FileName} );
+        $self->{Directory} = File::Spec->tmpdir(); );
         $self->{FileName}  = basename( $self->{FileName} );
     }
     unless ( -d $self->{Directory} ) {
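Review bot: The added line `$self->{Directory} = File::Spec->tmpdir(); );` does not parse because of the trailing `);`, so db_file.pm will fail to compile; it should read `$self->{Directory} = File::Spec->tmpdir();`. Separately, the new default discards any directory component the caller put in `FileName` and places the session database under its bare name in the shared temp directory, where other local users can pre-create that path. A private per-application directory (mode 0700, ownership checked before use) would be a safer default, and the choice deserves a comment at this line. The enclosing sub starts before this hunk and continues after it.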
@@ -37,7 +37,7 @@
     my ($sid) = @_;
     croak "retrieve(): usage error" unless $sid;
 
-    my ($dbhash, $unlock) = $self->_tie_db_file(O_RDONLY) or return;
+    my ($dbhash, $unlock) = $self->_tie_db_file(O_RDONLY|O_EXCL) or return;
     my $datastr =  $dbhash->{$sid};
     untie(%$dbhash);
     $unlock->();
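Review bot: `O_EXCL` in `_tie_db_file(O_RDONLY|O_EXCL)` is not paired with `O_CREAT`, and POSIX leaves that combination undefined for regular files, so it adds no protection on this open. The same applies to the `O_RDWR|O_EXCL` calls in the remove() and traverse() hunks and to `O_RDONLY | O_EXCL` in file.pm's retrieve(). If the aim is to refuse symlinked or foreign-owned files in a shared directory, that needs an explicit check on the path (for example `O_NOFOLLOW` where Fcntl provides it, or an `lstat` owner comparison), and how DB_File treats the extra bit should be confirmed before relying on it. I would leave these four calls at their original flags.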
@@ -50,7 +50,7 @@
     my ($sid, $datastr) = @_;
     croak "store(): usage error" unless $sid && $datastr;
 
-    my ($dbhash, $unlock) = $self->_tie_db_file(O_RDWR|O_CREAT, LOCK_EX) or return;
+    my ($dbhash, $unlock) = $self->_tie_db_file(O_RDWR|O_CREAT|O_EXCL, LOCK_EX) or return;
     $dbhash->{$sid} = $datastr;
     untie(%$dbhash);
     $unlock->();
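Review bot: `O_RDWR|O_CREAT|O_EXCL` in store() asks for the open to fail when the database file already exists, yet this driver appears to keep every session as a key in one file. Wherever DB_File hands the flags to open(2) unchanged, every store() after the first would therefore leave through `or return`. Exclusive creation only makes sense on the path that creates the file for the first time. Suggest keeping `O_RDWR|O_CREAT` here and relying on the 0600 mode plus a directory that other users cannot write to.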
@@ -64,7 +64,7 @@
     my ($sid) = @_;
     croak "remove(): usage error" unless $sid;
 
-    my ($dbhash, $unlock) = $self->_tie_db_file(O_RDWR, LOCK_EX) or return;
+    my ($dbhash, $unlock) = $self->_tie_db_file(O_RDWR|O_EXCL, LOCK_EX) or return;
     delete $dbhash->{$sid};
     untie(%$dbhash);
     $unlock->();
@@ -83,7 +83,7 @@
     $lock_type ||= LOCK_SH;
 
     my $lock_file = $db_file . '.lck';
-    sysopen(LOCKFH, $lock_file, O_RDWR|O_CREAT) or die "couldn't create lock file '$lock_file': $!";
+    sysopen(LOCKFH, $lock_file, O_RDWR|O_CREAT|O_EXCL) or die "couldn't create lock file '$lock_file': $!";
     flock(LOCKFH, $lock_type)                   or die "couldn't lock '$lock_file': $!";
     return sub {
         close(LOCKFH) && unlink($lock_file);
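Review bot: With `O_EXCL` added to the lock-file `sysopen`, a second process that arrives while the lock file exists now hits `die` instead of blocking in `flock`, and a lock file left behind by a crashed process makes every later request die until it is removed by hand. Because the returned closure unlinks the file on unlock, the file's existence is effectively the lock and the following `flock` no longer arbitrates anything. If exclusive creation is wanted so that a pre-planted path is never followed, treat `EEXIST` as contention (retry with a bounded wait) rather than a fatal error. Also pass an explicit mode, `sysopen(LOCKFH, $lock_file, O_RDWR|O_CREAT|O_EXCL, 0600)`, since the lock file otherwise gets the default creation mode. The rest of _lock() lies outside the hunk.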
@@ -101,7 +101,7 @@
     my $db_file     = File::Spec->catfile( $self->{Directory}, $self->{FileName} );
     my $unlock = $self->_lock($db_file, $lock_type);
     my %db;
-    unless( tie %db, "DB_File", $db_file, $o_mode, 0666 ){
+    unless( tie %db, "DB_File", $db_file, $o_mode, 0600 ){
         $unlock->();
         return $self->set_error("_tie_db_file(): couldn't tie '$db_file': $!");
     }
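Review bot: The `0600` passed to `tie` only takes effect when DB_File creates the file and is still filtered by the process umask, so a database created by an earlier release with `0666` keeps its old permissions after upgrading. A comment such as `# mode is used at creation only; chmod existing session files when upgrading` would keep this line from being read as a guarantee. _tie_db_file() begins before the hunk and continues past it.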
@@ -118,7 +118,7 @@
         croak "traverse(): usage error";
     }
 
-    my ($dbhash, $unlock) = $self->_tie_db_file(O_RDWR, LOCK_SH);
+    my ($dbhash, $unlock) = $self->_tie_db_file(O_RDWR|O_EXCL, LOCK_SH);
     unless ( $dbhash ) {
         return $self->set_error( "traverse(): couldn't get db handle, " . $self->errstr );
     }
diff -ur CGI-Session-4.07.orig/lib/CGI/Session/Driver/file.pm CGI-Session-4.07/lib/CGI/Session/Driver/file.pm
--- CGI-Session-4.07.orig/lib/CGI/Session/Driver/file.pm	2006-03-09 13:02:19.000000000 +0100
+++ CGI-Session-4.07/lib/CGI/Session/Driver/file.pm	2006-03-15 11:54:22.000000000 +0100
@@ -52,7 +52,8 @@
     # make certain our filehandle goes away when we fall out of scope
     local *FH;
 
-    sysopen(FH, $path, O_RDONLY) || return $self->set_error( "retrieve(): couldn't open '$path': $!" );
+    umask(077);
+    sysopen(FH, $path, O_RDONLY | O_EXCL) || return $self->set_error( "retrieve(): couldn't open '$path': $!" );
     $self->{NoFlock} || flock(FH, LOCK_SH) or return $self->set_error( "retrieve(): couldn't lock '$path': $!" );
 
     my $rv = "";
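Review bot: `umask(077)` placed before a read-only `sysopen` has no effect on this open, because umask only filters the mode of files being created. It also changes the umask for the rest of the process and never restores it. The restriction belongs on the path that creates the session file (store(), not shown in this diff), scoped as `my $old = umask(077);` before the creating open and `umask($old);` after it. retrieve() begins before this hunk and continues past it.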
