security in passowrd proteced site and files
If i want to write a program where a user that needs to login can upload and download files (pdf's,word) but security is important ---
meaning i want the admin to be able to download the word or pdf but no user (without usernames and password to log into the program) to be able to find it by trying to type it's name under the domain.
I am planning to do this in asp & sqlserver as this way admins all over can access the files but I want all the info to be secure.
How can I do the thing with uploading and downloading files and what other security measures do I need to take?
There is not credit card info but personal info -- would there be any reason to purchase an ssl certificate?
What else can I do to keep it secure?