How to Display Images Outside of Web Root

In another thread of mine (i.e. PHP Security on Server), ScallioXTX suggested storing all files which members upload to a directory outside of the Web Root.

When I asked him how to do that, I expected it to be a simple response. But apparently, it is much more complicated than expected!!

So I have two questions:

1.) Assuming that I already have a rock-solid upload script which does about 15 checks to make sure that an uploaded picture is indeed an uploaded picture and nothing else, how much extra security do I achieve by placing the uploaded picture outside of my Web Root?

2.) If I chose that design, then how would I get a script inside of my Web Root (e.g. “profile.php”) to display a photo/thumbnail stored in a directory outside of the Web Root?

(I think he mentioned something about “streaming”…)

Thanks.

It allows you to control access to the uploaded files. Imagine, for example, that the uploaded files were some user’s photos and should be accessible to that user’s friends but no one else. If the uploaded photos were inside the web root, then there’s a public URL for anyone to access. But if they live outside the web root, then they would be accessible only through some virtual URL that is rewritten to a PHP script. That PHP script could check the user’s credentials and permissions, and either issue a forbidden response or send the file’s contents, using something such as fpassthru or readfile.
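The gatekeeper script described in the reply above, as an added example that is not part of the original thread. The storage path, the `owner`/`file` query parameters and the `can_view()` helper are assumptions made for illustration; a page such as profile.php would then point its image tag at this script, e.g. `<img src="/image.php?owner=12&file=avatar.jpg">`.

```php
<?php
// image.php: lives inside the web root; the photos do not.
// Assumptions: uploads are stored as UPLOAD_DIR/<ownerId>/<name>, and can_view()
// is a hypothetical stand-in for the site's real friends/permission lookup.
declare(strict_types=1);
const UPLOAD_DIR = '/var/www/private/uploads';   // assumed path, outside the web root
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif'];

function can_view(int $viewerId, int $ownerId): bool
{
    // Hypothetical rule: owners see their own photos. Replace with a friends query.
    return $viewerId === $ownerId;
}
function deny(int $status): void
{
    http_response_code($status);
    exit;
}

session_start();
if (!isset($_SESSION['user_id'])) {
    deny(403);                                    // not logged in
}

$owner = filter_input(INPUT_GET, 'owner', FILTER_VALIDATE_INT);
$name  = (string) filter_input(INPUT_GET, 'file');
// Accept only plain file names, so the request cannot carry a path.
if (!is_int($owner) || !preg_match('/\A[A-Za-z0-9_-]+\.(jpe?g|png|gif)\z/', $name)) {
    deny(400);
}
if (!can_view((int) $_SESSION['user_id'], $owner)) {
    deny(403);
}
// Resolve symlinks and confirm the result is still inside the upload directory.
$base = realpath(UPLOAD_DIR);
$path = realpath(UPLOAD_DIR . '/' . $owner . '/' . $name);
if ($base === false || $path === false
    || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
    deny(404);
}

// Send the type detected from the file's bytes, not one supplied by the client.
$type = (new finfo(FILEINFO_MIME_TYPE))->file($path);
if (!in_array($type, ALLOWED_TYPES, true)) {
    deny(404);
}
header('Content-Type: ' . $type);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```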
