I think you're more secure in the virtual folder than opening up a folder elsewhere.
>We have an ASP.NET application that requires uploading and storing of files. A developer here wants to place the upload attachment folder within the application physical folder structure associated with the virtual directories.
>
>I do not want to place it there due to the possibility of security issues. Are there accepted practices for the placement of application file upload folders? Is this documented anywhere?
>
>Thanks,
>Bill
Craig Berntson
MCSD, Microsoft .Net MVP, Grape City Community Influencer