Skip to main content

Avoid storing sensitive files in the web root

Requirement#

The system should store neither user-uploaded files nor files containing sensitive information in the web root.

Description#

The web root is the topmost directory on a web server. If there is no sufficient access control, any file in this directory will be publicly available. Therefore, user-uploaded files and files containing sensitive information should not be stored in it.

References#