Storing commercial files on the server

Where would you store files that are meant for 开发者_C百科sale on an e-commerce website?

Somewhere out of htdocs/wwwroot/etc. You don't want anyone to link to them directly. You should have a page/script that can read that location and send the file back.

On a secure server in a network zone that is not directly accessible from the internet. Your webserver can then access and retrieve files only for authorised users.

Rule of thumb: Not in htdocs (i.e. not accessible from the internet).

What do you want to do with those files? Offer them for downloading after a customer payed? You should manage the credentials by a server sided script (e.g. a PHP script) and give that script access to the file.