Security Best Practices
This section outlines some security best practices to consider when using File Content Extraction.
- Keep File Content Extraction Up to Date. New releases may include security updates, including updates to third-party libraries. See Third-Party Library Upgrade Policy.
- Protect the Temporary Directory. File Content Extraction can write sensitive information to the temporary directory, so this location must be protected. See Protect the Temporary Directory.
- Run File Content Extraction with Minimal Privileges. In the event that a malicious actor causes File Content Extraction to behave dangerously, the potential damage is limited if File Content Extraction is running with fewer privileges. See Run PDF Export with Minimal Privileges.
- Protect the bin Directory. The bin directory contains DLLs and other files that are necessary for normal operation of File Content Extraction. If a malicious actor tampers with these files, they might cause File Content Extraction to behave dangerously. You must set directory permissions to allow access to only sufficiently trusted users.
- Protect Output Locations. Extracted content might be sensitive, so you must protect any output locations by setting directory permissions to allow access to only sufficiently trusted users.
- Prevent DLL Pre-loading Attacks. When your application attempts to load the kvpdf shared library and it is not found, the Operating System may search various locations, which can lead to a DLL pre-loading attack. For ways to prevent this, see Mitigate Against DLL Pre-Loading.
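
The directory-permission items above (temporary directory, bin directory, output locations) can be checked with a short audit script. This is an added example, not part of the product or its documentation. It assumes a POSIX host where mode bits express access (Windows ACLs are not covered), and the trusted uids and directory arguments are placeholders.

```python
import os
import stat
import sys

WRITE = stat.S_IWGRP | stat.S_IWOTH        # group/others may modify
ANY_ACCESS = stat.S_IRWXG | stat.S_IRWXO   # group/others have any access


def audit_tree(root, trusted_uids, forbidden=WRITE):
    """Return sorted (path, problem) pairs for root and everything below it
    that is owned by an untrusted uid or has any `forbidden` mode bit set."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: judge a symlink itself, not its target
        if st.st_uid not in trusted_uids:
            findings.append((path, "owned by untrusted uid %d" % st.st_uid))
        if stat.S_ISLNK(st.st_mode):
            continue  # mode bits on a symlink carry no meaning
        bad = stat.S_IMODE(st.st_mode) & forbidden
        if bad:
            findings.append((path, "mode %03o grants %03o to group/others"
                             % (stat.S_IMODE(st.st_mode), bad)))
    return sorted(findings)


if __name__ == "__main__":
    # Usage (paths are placeholders): audit.py BIN_DIR [TEMP_DIR OUTPUT_DIR ...]
    # The bin directory must not be modifiable by untrusted users; the
    # temporary and output directories hold extracted content, so they are
    # checked for any group/other access at all (a conservative choice).
    if len(sys.argv) < 2:
        sys.exit("usage: audit.py BIN_DIR [PRIVATE_DIR ...]")
    trusted = {0, os.getuid()}  # assumption: root and the service account
    results = audit_tree(sys.argv[1], trusted)
    for d in sys.argv[2:]:
        results += audit_tree(d, trusted, forbidden=ANY_ACCESS)
    for path, problem in results:
        print("%s: %s" % (path, problem))
    sys.exit(1 if results else 0)
```

The script exits non-zero when it finds anything, so it can gate a deployment step or run as a periodic check.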