Multi File Upload Permission Settings

Hello,

Using PHPRunner 6.2 and I have the multiple file upload feature enabled on my Add/Edit fields. I keep the files uploaded in a local folder one level up from the application files. What are the proper permissions to use so that these files in the folder are not public and viewable using a direct URL link to that folder? Or is there some other security setting I should use?