I'm making a a system for my school to allow students to have some online space to store their school files on.

It has a basic upload / create folder / download / delete bit, it also has a 'submit work to teacher bit that copies their file into their teachers folder in the correct year group.

My question is this: I'm not really expecting students to abuse it but you never know, what sort of things should I look out for to stop students buggering around with other students files / the website files? (this system is hosted in the same place as the school website)

It uses a logon / session variables to keep people out, and will eventually have a SSL secure login page - I hope this is enough to protect the system from external attack!

I've made part of the upload section look at the file extension and doesn't allow asp, php and exe files. Are there any other files I should check for (it is a windows server)
I've done this becuase students could upload a page, which if they can find it, could be used to delete important files!

I'm fairly confident that it will be ok but wondered if someone had anything else to consider?

Thank you,

Jon Kemm