Thread:Project:Support desk/Prevent unregistered users from viewing files, even if they know the URL

I'm trying to set up a completely private wiki for my nonprofit's internal collaborative use. I've figured out how to prevent unregistered "users" from viewing or editing any pages and how to restrict account creation. But it appears that while the "File:Whatever" pages are protected in this way, the actual files themselves are only | secured through obscurity; anyone can view them if they know the URL that leads directly to the file. Is there an extension or other means to block unregistered users from seeing any files, even if they have a direct link?