Security Notes for Downloading Files

Use

With UI element FileDownload, method ATTACH_FILE_TO_RESPONSE of class CL_WD_RUNTIME_SERVICES, and certain active components (e.g. Adobe, Office, Gantt, Business Graphics), dynamic resources can be generated on the server and sent later to the browser and made visible. It is possible that once the application has closed, copies of the file may remain in the file system.

Administrators can prevent one file or all the files from being downloaded. You can also change the default settings for header fields Cache-Control, Pragma, Expires, and Content-Disposition.

Preventing the Download of Dynamic Resources

You have the following options to prevent the download of dynamic resources:

Preventing the Download of Dynamic Resources Generally

The default setting allows download options using UI element FileDownload, function AttachFileToResponse, and active components. If you want to prevent dynamic resources from being downloaded, set application parameter WDDISABLEDYNAMICRESOURCESDN to the value X.

For more information see Application Parameters and URL Parameters.

Preventing the Download of Specific Files

If you want to exclude individual files from the download, use Business Add-In (BAdI) WD_BADI_DYNAMIC_RESOURCE.

Proceed as follows:

  1. Implement BAdI WD_BADI_DYNAMIC_RESOURCE_CACHE.

    For more information about BAdI implementation, see Business Add-Ins (BAdIs).

  2. Using parameter BLOCK_RESOURCE of method CHANGE_CACHE_4_DYN_RESOURCE, you can prevent the download of specific dynamic resources.

    For more information, see the documentation for BAdI interface IF_WD_BADI_DYN_RESOURCE.

Changing Default Settings for Header Fields

To change the settings for header fields Cache-Control, Expires, Pragma and Content-Disposition, proceed as follows:

  1. Implement BAdI WD_BADI_DYNAMIC_RESOURCE_CACHE.

    For more information about BAdI implementation, see Business Add-Ins (BAdIs).

  2. With method CHANGE_CACHE_4_DYN_RESOURCE of the BAdI, you can overwrite the default values for header fields Cache-Control, Expires, Pragma, and Content-Disposition.

    For more information about the possible values, see the documentation for BAdI interface IF_WD_BADI_DYN_RESOURCE.

More Information

FileDownload

File Export