View Full Version : Where to put user submited files ?

04-17-2009, 02:00 PM
Where is normal/prefered position of folder for user submited files(jpg and such ...), is it under web-inf, or totaly out of web server paths ?

04-17-2009, 04:12 PM
If you limit what your users can upload, like only images (jpg, png, etc.), then somewhere in the web root is fine. If you do not have any restrictions on the types of files a user can upload, I would store them under the web root. For example, if someone uploads a PHP script, I don't want them to be able to run it on my server.