We have a process that uses LiveForms to collect data and allows the user to attach files. We have discovered that the uploaded files are accessible from our public website as long as some has the url. Due to this, we have had malicious files uploaded to our website. The files are currently saved to a folder location on the webserver.

1. Is there a way to allow file attachments, but prevent them from being accessible from our public website?

2. Can we configure where files are saved so that we could save them in a secure location?