Security Best Practices

This section outlines some security best practices to consider when using KeyView.

  • Run Filter Out-of-Process. By default, Filter processes documents in a separate process, which protects the stability of the calling application. OpenText strongly recommends that you use this default. See The Filter Process Model and Run File Detection In-Process.

  • Protect the Temporary Directory. Some of the data Filter writes to the temporary directory contains sensitive information, so you must protect this location. See Protect the Temporary Directory.

  • Run Filter with Minimal Privileges. In the event that a malicious actor causes Filter to behave dangerously, the potential damage is limited if Filter is running with fewer privileges. See Run Filter with Minimal Privileges.

  • Prevent DLL Pre-loading Attacks. When your application attempts to load the kvfilter shared library and it is not found, the Operating System may search various locations, which can lead to a DLL pre-loading attack. For ways to prevent this, see Mitigate Against DLL Pre-Loading.

  • Keep Filter Up to Date. New Filter releases may include security updates, including updates to third-party libraries. See Third-Party Library Upgrade Policy.

  • Sanitize absolute paths when extracting subfiles. Container files can specify paths that point outside the extract directory, which can lead to a type of path traversal vulnerability known as Zip Slip. KeyView automatically sanitizes relative paths to prevent this, but OpenText recommends that you also configure KeyView to sanitize absolute paths. See Sanitize Absolute Paths.