Use file handles instead of string-based file names wherever possible
Check access rights before operating on a file
Detect and handle file operation errors
Create files in secure directories
Open files with the fewest privileges necessary
Ensure path and file name parameters supplied to file functions refer to valid files
Ensure files that are operated on refer to the expected file object