>We have an ASP.NET application that requires uploading and storing of files. A developer here wants to place the upload attachment folder within the application physical folder structure associated with the virtual directories.
>
>I do not want to place it there due to the possibility of security issues. Are there accepted practices for the placement of application file upload folders? Is this documented anywhere?
Once you have received the file, you can place anywhere you want off the scope of the IIS server.