Security Notes for FileUpload UI Elements
Use
A FileUpload UI element is not suitable for the upload of mass data. During the upload request, the file is held in the memory of the work process in duplicate for technical reasons. Depending on the file size and the memory management profile parameters, this can cause a process to switch to PRIV mode.
You can restrict the maximum possible file size by limiting the request size with the icm/HTTP/max_request_size_KB profile parameter.
Virus Scan Infrastructure
The Web Dynpro ABAP FileUpload automatically uses the SAP virus scan infrastructure if it is configured for HTTP requests.
If a virus is detected during the upload, the system issues an error message. It does not write the file data and information to the context.