Avoid access to the upload files by url without login and rights
Is it possible to avoid everybody to get access to the upload file with the url?
Is it possible to limit this access by being logged and with the proper rights of the group?
The short answer is no.
Recently discussed here.