I am working on a php/mysql application that will be running on an intranet based environment on a windows server.
I am not storing images and files in the database as it iwlll get heavy , so it will be stored in te folders.
For folders - is the folder permissions enough to secure those files?