Best group member, I am creating a file system class. I will have a web based document center with different access roles. All users in the system will not be able to view the files. It will all be run thru the web tool. I will have a class that is called file. That file can give an authorized user access to a specific file. What I do not want to do is to show them the location of the file. And if they some how finds out the location of the file, I do not want them to be able to type http://www.domain.com/files/important.doc and download the file. Should I put the files outside of the web file system (outside of httpdocs) so that they can not get the file thru the web browser? Or should I save the docs in a database instead and control the access thru that? Is there anyone with comments? Is it anyone with experience about this? Best regards, Peter Lauri
