Ok, thanks Craig.
>I think you're more secure in the virtual folder than opening up a folder elsewhere.
>
>>We have an ASP.NET application that requires uploading and storing of files. A developer here wants to place the upload attachment folder within the application physical folder structure associated with the virtual directories.
>>
>>I do not want to place it there due to the possibility of security issues. Are there accepted practices for the placement of application file upload folders? Is this documented anywhere?
>>
>>Thanks,
>>Bill
William A. Caton III
Software Engineer
MAXIMUS
Atlanta, Ga.