URL Security
Your file download implementation must take security issues into account.
• Information about the server’s file structure should never be displayed to the user. This includes URLs.
• Users should not be allowed to traverse the file structure of the server when downloading a file.
• Users should not be allowed to change a parameter, such as filename, when downloading a file.
• Users should never be allowed unauthorized access to any file through such traversals or modifications.