I am novice in this but

for search engines you can use robo.txt to disallow indexing and for direct access by the user,
1: use dynamic urls to hide original url from the user view. For example use this in .htaccess file

www.yourdomain.com/download/file?id=<Your Key in the database>

should be interpreted at server level
www.yourdomain.com/download/downloadRequest=<Your Key in the database>

The other option that comes to my mind is to user apache folder properties. Like 6-6-6 or 4-5-6. I am not sure whats your server properties so check at your end.

Hope this helps :-)

Hi there BlackRaven,

Well one way as you could make the folder a little more secure is to stop directory browsing, or have the download dir outside the domain so that joe public cant access it anyway. This seems to be standard practise when storing media etc.

For stopping the directory browsing try this:-

<Files .htaccess>
order allow,deny
deny from all
</Files>

Place this in your .htaccess file, it works for me!

The method that impact describes is good for 'masking' the technolgy that you are using to generate your site, which is good, and it makes your pages index more easily from SEO point of view, but, having the files IN the domain is a bad idea as this is always at risk from people reading the url or page source, finding the dir, and without the prevention of directory browsing there, pinching all your data!

The better way IMHO (though there may be better ways that I haven't found) is to have the files stored in a directory outside your domain, then this at least prevent joe public being able to browse to it.

Hope this helps,

Cheers,
MRb