rocknbil - 5:30 pm on Jun 18, 2010 (gmt 0)
Another potential(?) problem. The files won't download unless the directory and all it's files are CHMod to 777. Will this cause me any potential problems with security?
It really is, 777 is world write, and second you shouldn't need world write permissions to access the files. Also don't know if removing the .htaccess directive was such a good idea, you can probably just go to /downloads and see the entire directory contents. What you want to do is if the directory alone is requested, issue the forbidden. See the Apache forum for help.
This directory should only need read for group and all, read/write for owner: 644. These are usually the defaults, delete the directory and recreate it, and do nothing. That should do it.
If you need to protect these files, some scripting may be involved. What you do is put the file in a private location, and the download link opens a script that locates and outputs the file. Topic for another day?