Protect the Temporary Directory
Filter writes temporary files to the temporary directory. These temporary files frequently include the contents of files that you are processing, including decrypted parts of encrypted files. Sensitive information is therefore exposed in the temporary directory, so it is important that only users who are permitted to access this information can access the temporary directory.
By default, Filter uses the system temporary directory. Many other programs might use this directory, so OpenText recommends that you configure Filter to use another location. You can then protect the configured temporary directory by setting directory permissions to allow access only to sufficiently privileged users.
To configure the temporary directory path
- In the C API, call the fpSetConfig() function with the
KVFLT_SETTEMPDIRECTORY
flag.
NOTE: In the rare instances where the out-of-process process exits unexpectedly, File Content Extraction cleans up any temporary files created by the child process. However, if the parent process exits unexpectedly (such as a manual interrupt, or a power failure), it cannot clean up the temporary files.
File Content Extraction does not need temporary files to persist across different sessions, so it is safe to manually delete any files associated with a previous session.