Drupal has great features for files management. Website user with required permissions can set the content type and manage the file upload process. User has the authority to set the content type as well as file size to upload. If you want to resist the specific type of users to access then you need to follow these steps.
A) create new folder named private /site/default/files/private
B) create a .htaccess file in this folder.
B) you need to set the path to private for files to upload in administer->configuration->media(file system)
These steps will resist the access of files publically.