Our web admin has added password protection to a specific URL which contains a link on the page to download an xlsx file . I am unsure on the exact configuration except to access the page you have to enter the credentials of a user account created in the CMS itself. However, I have tested, if someone found the direct link to the xlsx file in the files directory of the site, they can download it directly. Is there anyway to secure the file better. I assume the likelihood of someone guessing/brute forcing the URL to the file is very low, but who knows what hack tools are out there. It just undermines the need for the username/password to access the file if someone can just enter the URL directly to download the file.