Security Best Practices
This section outlines some security best practices to consider when using File Content Extraction.
- Keep File Content Extraction Up to Date. New releases may include security updates, including updates to third-party libraries. See Third-Party Library Upgrade Policy.
- Run File Content Extraction with Minimal Privileges. In the event that a malicious actor causes File Content Extraction to behave dangerously, the potential damage is limited if File Content Extraction is running with fewer privileges. See Run Filter with Minimal Privileges.
- Protect the bin Directory. The bin directory contains DLLs and other files that are necessary for normal operation of File Content Extraction. If a malicious actor tampers with these files, they might cause File Content Extraction to behave dangerously. You must set directory permissions to allow access to only sufficiently trusted users.
- Protect Output Locations. Extracted content might be sensitive, so you must protect any output locations by setting directory permissions to allow access to only sufficiently trusted users.
- Run Filter Out-of-Process. By default, Filter processes documents in a separate process, which protects the stability of the calling application. OpenText strongly recommends that you use this default.
- Sanitize absolute paths when extracting subfiles. Container files can specify paths that point outside the extract directory, which can lead to a type of path traversal vulnerability known as Zip Slip. File Content Extraction automatically sanitizes relative paths to prevent this, but OpenText recommends that you also configure File Content Extraction to sanitize absolute paths. See Sanitize Absolute Paths.
- Protect Log Files. When you use diagnostic logging, File Content Extraction restricts information that it writes to log files to exclude information like file names, file content, or credentials. When you use legacy out-of-process logging, file names and other potentially sensitive information might be logged. In either case, OpenText recommends that you set directory permissions on the logging output directory to allow access to only sufficiently trusted users.
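
The relative and absolute path cases from the "Sanitize absolute paths when extracting subfiles" item, as an added example for an application that writes subfiles to disk itself. It is not OpenText code and does not show how File Content Extraction sanitizes paths, which this page does not describe; the function names, the /srv/extract directory and the sample subfile names are assumptions constructed for illustration.

```python
import os
import posixpath
import re

_DRIVE_PREFIX = re.compile(r"^[A-Za-z]:")  # Windows drive letter, e.g. "C:"


def naive_destination(extract_dir: str, entry_name: str) -> str:
    """Unsafe: join() discards extract_dir when entry_name is absolute."""
    return posixpath.join(extract_dir, entry_name)


def sanitize_entry_name(entry_name: str) -> list[str]:
    """Reduce a container-supplied path to plain relative components."""
    name = _DRIVE_PREFIX.sub("", entry_name.replace("\\", "/"))
    # Dropping "" removes a leading "/" (absolute path); dropping ".." removes traversal.
    parts = [p for p in name.split("/") if p not in ("", ".", "..")]
    if not parts:
        raise ValueError(f"entry name has no usable components: {entry_name!r}")
    return parts


def safe_destination(extract_dir: str, entry_name: str) -> str:
    """Return a write path that is guaranteed to sit inside extract_dir."""
    root = os.path.realpath(extract_dir)
    dest = os.path.realpath(os.path.join(root, *sanitize_entry_name(entry_name)))
    # Containment check after resolution also catches symlinks inside the directory.
    if os.path.commonpath([root, dest]) != root:
        raise ValueError(f"entry escapes extract directory: {entry_name!r}")
    return dest


if __name__ == "__main__":
    # Constructed subfile names of the kind a container file can carry.
    samples = ["docs/report.txt", "../../etc/passwd", "/etc/cron.d/job", "C:\\Windows\\x.dll"]
    for name in samples:
        naive = naive_destination("/srv/extract", name)
        safe = safe_destination("/srv/extract", name)
        print(f"{name!r:24} naive={naive!r} safe={safe!r}")
```

The naive join returns /etc/cron.d/job unchanged for the absolute entry, which is why sanitizing relative paths alone leaves a gap.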