Depending on the size and design of your application, you have a few options.

1. Store all your documents in a database. Usually not a very good option 
since it is slow, and difficult / slow to maintain. But it gives you a 
rather high security level because you can select documents based on a 
certain user ID for instance. We sometimes use this when speed / 
performance is not a real issue.

2. Another method is to store your files in a "hidden" directory. This 
directory can only be accessed by IIS. When you want to refer to your 
files, an ASP page can check the user's credentials and then retrieve the 
document requested.
4GuysFromRolla have written an article on this subject at 
http://www.4guysfromrolla.com/webtech/081199-1.shtml

With both methods you will still see an address in the addressbar of 
course, but it won't contain any info about the document. You'll get 
something like /tools/downloadFile.asp?ID=334. So users can still guess 
numbers for other documents, but you can check their rights before you let 
em in.

Hope this helps.

Imar



At 12:20 PM 2/17/2001 -0600, you wrote:
>Hi Imar, thanks for your answer,
>
>yes, ASP too.
>
>
>(********************)
>Do you want this to happen in just plain HTML, or do
>you have access to
>ASP
>too for example??
>
>If the latter is true, let me know and maybe I can
>give you some
>advice.
>
>Imar
>
>(********************)
>
> >I need to download a file selected by the user. But I
> >dont want to give any user access to any file, but to
> >check user permissions on the server (no problem with
> >this) and store the documents in a non-public folder.
> >Is there a tag or technique to start a download
> >without having the virtual document address in the
> >link?
> >