I have an application where registered users will upload various files (.doc, .pdf) and I need them stored somewhere secure so somebody who isn't registered can't access them. Normally I've just had all file uploads to go a folder in the site root, but I'm thinking that probably isn't a good idea.

Any suggestions on how to make this more secure?