Actually files can be only uploaded by users as file. If public download method is selected, anyone can download these files. A download protection for unprivileged users should be provided to avoid it. If necessary, a "attached" file alternative field can solve this issue attaching files to emails and not on submission.

Comments

quicksketch’s picture

quicksketch
he/him
CreditAttribution: quicksketch commented
Status: Active » Closed (won't fix)

I have no intention of providing a separate file protection mechanism outside of what Drupal's private files provides.

Files as attachments: #159678: Send file attachments in email