Secure files for download

Question

I want to have a folder, lets call it docs, that contains documents that logged in users can download. These have very sensitive information. How can I best secure the folde

Answer 1

Put the files outside of the webroot. Then using PHP pass the file though a script. That way no one can link to the file directly and bypass your controls. (Naturally make sure the script that does this only after verifying the user has permission to retrieve that file).

Sample PHP: