Drupal 7 Alpha 1 has just been released. Although it's not the definite version, Alpha means that it is stable enough to be tested by the public. And since I'm the public, I downloaded, installed and looked at Drupal 7. These are my first impressions, together with a couple of screenshots.
Being able to upload files through Drupal serves different purposes: handling pictures, playing music, attach documents, etc. You have to go through a number of steps before you're able to manage files.
Sometimes you want to avoid anonymous users to download certain files from your site. For most of the sites, the settings for the download method in the file system (Administer>>Site configuration>>File system) is set to public to avoid problems with external programs like FCKeditor, etc. That means that everybody can reach them. Changing that setting doesn't seem to be a good idea, because Drupal warns about possible problems with previous uploaded files.
You might think that changing the permissions for the upload module (permissions that are activated by enabling upload under the core-module) are the solution. By unchecking anonymous user for view uploaded files they can't see the files anymore. Or can they?
A quick test reveals that they can. It's true, when unchecked, the anonymous user can't see the file attachment under a node anymore. BUT the file is still accessible when the user knows the path. And when you make a link to the file inside your node, everybody can follow that link and access the file.