Security Notes for FileUpload UI Elements (SAP Library - Security Aspects for Usage Type DI and Other Development Technol)

Security Notes for FileUpload UI Elements

File Size

A Structure link FileUpload UI element is not suitable for the upload of mass data. During the upload request, the file is held in the memory of the work process in duplicate for technical reasons. Depending on the file size and the memory management profile parameters, this can cause a process to switch to Structure link PRIV mode.

You can restrict the maximum possible file size by limiting the request size with the Structure link icm/HTTP/max_request_size_KB profile parameter.

More Information:

Structure link FileUpload

Virus Scan Infrastructure

Web Dynpro ABAP FileUpload automatically uses the Structure link SAP virus scan infrastructure if it is configured for HTTP requests.

If a virus is detected during the upload, the system issues an error message. It does not write the file data and information to the context.