Hi Bruce,
Thank you, it is files which the users upload as supporting documents which we are storing in a documents sub-folder contained in the web folder.
When I try to browse those files, I am not able to. Thus a malicious user would need to know the full file-name of the file to get to it? Or is there another way?
I maybe wrong, but would imagine that Google indexed the file whilst it was being opened / viewed by a user in Chrome.
Is there a way to project files in the web folder?
Or if the web folder is always publicly accessible, should I put the files outside the web folder, and change my user-procedure that it opens from local disk and not via URL?