File Upload Security

For uploading files with the NetWeaver Administrator (NWA), you should apply the following security measures:

Use the Virus Scan Interface (VSI) for Java-Specific Configuration (see also: Configuration of the Virus Scan Interface).
For uploading local files via NWA, Web Dynpro uses the virus scan profile for the Java component FileUpload. This is delivered in Virus Scan Profile webdynpro_FileUpload (see: Delivered Virus Scan Profiles).

For uploading custom xdc files into AS Java through ABAP, you should apply the following security measures:

Use the Virus Scan Interface (VSI) for ABAP-Specific Configuration (see also: Configuration of the Virus Scan Interface).
For uploading local files via ABAP use the virus scan profile for the ABAP component GUI_UPLOAD. This is delivered in Virus Scan Profile/SCET/GUI_UPLOAD (see: Delivered Virus Scan Profiles).
Use ABAP report RSPO0022 to upload XDC files.

Note

See SAP note 1805971 for information about the required NetWeaver release.