As far as storing the files, use a seperate subdirectory called "rawData" or something, and place all your files in there, aim for 10 - 5000 files per directory, and keep it logical. But since you want to stop guessers from accessing it, use a randomID() function that you create to generate a random subdirectory under "rawData". You could also use just the YYYY-MM-DD HH-MM-SS of the submit/upload-date for the file or the last-modification date of the file. Then create something that maps IDs (dataNr, itemNr, fileID) to the relative path under "rawData". Then let view.php readfile() and output the requested file, instead of sending any link to your "rawData"-subdirectory-location to the browser. It should be airtight then. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php