What is the best practice for storing and serving images securely without hurting performance?
Is it possible to store user images in a folder that's not web accessible (possibly higher up and before /www?) and serve on demand after the user has logged in to the page? There is a username and password access mechanism already in place.
The users don't want these images to be publicly accessible.
I am running nginx with php on Ubuntu. Database is mysql.
Thank you.