Hello

For the convenience and portability of one of our less savvy clients, I would like to keep everything under the web root.

From the configuration pages for the filesystem, there is this standard

verbiage:

A file system path where the files will be stored. This directory must exist and be writable by Drupal. If the download method is set to public, this directory must be relative to the Drupal installation directory and be accessible over the web. If the download method is set to private, this directory should not be accessible over the web.

I am wondering if I should expect problems, if I set the method to private, but leave the directory as "sites/default/files". In that directory, I can place an .htaccess file which denies from all, or maybe redirects to the homepage or something.

Does anyone foresee any difficulties with this method?

Thanks

Luke