I am working on a php/mysql application that will be running on an intranet based environment on a windows server.

I am not storing images and files in the database as it iwlll get heavy , so it will be stored in te folders.

For folders - is the folder permissions enough to secure those files?