donglian6625 2014-05-17 14:10

Storing private images securely

I am in need of a secure solution for storing a larger (unknown) amount of private images accessed only by a certain user. This question is not surrounding things like logins, sessions or anything like that - solely surrounding images and them being stored.

I'll start out with explaining what I am trying to achieve and then go on to things I've thought about doing.

Private images only accessible by a certain user

A user logs in to my site to upload and view images provided and uploaded by him/her. The images should only be accessible by that user - therefore a login is required. When an image is requested for viewing, the rendering is handled by a PHP-script validating the user's authority and bringing the actual image from the safe directory.

What I know, assume and think about.

Indexing images for ease of management

Every image that gets uploaded is indexed in a database for management, i.e.

Title: "Me on a scooter"
User: {0E4A759A-CC31-4B0D-97E1-EEFB28F0BF86}
Filename: asuohLAFUUHJSFUhaSGFUOAHSGUA
Extension: .jpg

When the user wants to view the image, the server validates and checks if the user is indeed the owner of the image.

Keeping the public away from the images

I've read some articles explaining that it's good practice to keep files outside of the document root directory. Though I understand the concept, I don't fully understand how to do it in practice. My assumption:

/var/www/myFolder/ //here's where the html files are stored
/mySecureFolder/ //here's where the content is stored outside of the root, or on a higher level

So whenever the server should display an image it looks for it in the /mySecureFolder/ and checks if the file exists before rendering it for the user.

Assumption #2

Creating and placing an .htaccess file blocking everyone but localhost in the /mySecureFolder/ is what I should do to keep others out.

Question #1 The PHP process is running as the user www-data, is it safe to make the owner group of /mySecureFolder/ www-data?

Assumption #3 - Chmod

To allow none but one specific system user I should CHMOD the folder recursively with 0770, allowing only the owner user and the owner group to read, write and execute permissions.

Question #2

Is using .htaccess to deny access to everyone but localhost equivalent to placing the secure folder outside the root (/var/www/myFolder/) folder?

Assumption #4 Overkill

Encrypting every image stored on the filesystem is overdoing it and - if the directory permissions are set up correctly - unnecessary.

My attack scenario is only outer attacks, hackers cannot access the server through SSH nor via physically being at the server. The possible attacks are therefore outer attacks coming from the code I created - like injections and so on.

I hope that the possible answers might come in handy for future bypassers, therefore I would appreciate if you help me out with formatting this question to ensure it being as clear as possible.


  • dougou2937 2014-05-17 14:14

    The best way is to store the images outside of /www - and have them in their own directory.

    Then use readfile() to 'serve' the images to the authorised user. No need to CHMOD or use htaccess etc - as it is outside the www folder and cannot be accessed except through your application.

    Something like this would work:

    function show_image($file_name = "")
    {
        // Ensure no funny business names to prevent directory traversal etc.
        $file_name = str_replace('..', '', $file_name);
        $file_name = str_replace(array('/', '\\'), '', $file_name);

        // now do the logic to check user is logged in - put your own code here
        if (LoggedInUserCanAccessThisFile())
        {
            // Images are stored in a specific user folder - so only the own user can get their own images
            $path = '../image_storage/' . getLoggedInUserID() . '/' . $file_name;

            // Serve file via readfile(), telling the browser what type it is
            if ($file_name !== '' && is_file($path))
            {
                header('Content-Type: ' . mime_content_type($path));
                readfile($path);
            }
        }
    }
    

    You can read more about readfile() here from php.net
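
One way to combine the database index from the question with the readfile() approach from the answer, as an added example that is not code from either poster: the client supplies only an image ID, ownership is checked against the index, and the resolved path must stay inside the storage directory. The function names, the in-memory `$index` array and the temporary directory are assumptions made for the demo.

```php
<?php
// Added example; function names, $index and the temp directory are assumptions.
// Constructed stand-in for the database index described in the question.
$index = [
    101 => ['user' => '{0E4A759A-CC31-4B0D-97E1-EEFB28F0BF86}',
            'filename' => 'asuohLAFUUHJSFUhaSGFUOAHSGUA', 'extension' => '.jpg'],
];
// Allowed extensions and the Content-Type sent for each.
const IMAGE_TYPES = ['.jpg' => 'image/jpeg', '.png' => 'image/png', '.gif' => 'image/gif'];

// Resolve an image ID to a path for $userId, or null. The client supplies only
// the numeric ID; the path is built from index data, never from request input.
function resolve_image(array $index, string $storageRoot, string $userId, int $imageId): ?array
{
    $row = $index[$imageId] ?? null;
    if ($row === null || $row['user'] !== $userId) {
        return null; // unknown image, or the caller is not the owner
    }
    if (!array_key_exists($row['extension'], IMAGE_TYPES)) {
        return null; // extension not on the allow-list
    }
    $root = realpath($storageRoot);
    $path = realpath($storageRoot . '/' . $row['filename'] . $row['extension']);
    // realpath() resolves ".." and symlinks; the result must still be under the root.
    if ($root === false || $path === false
        || strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return ['path' => $path, 'type' => IMAGE_TYPES[$row['extension']]];
}

function serve_image(array $index, string $storageRoot, string $userId, int $imageId): void
{
    $image = resolve_image($index, $storageRoot, $userId, $imageId);
    if ($image === null) {
        http_response_code(404); // same response for "missing" and "not yours"
        return;
    }
    header('Content-Type: ' . $image['type']);
    header('X-Content-Type-Options: nosniff');
    readfile($image['path']);
}

// Constructed demo: a temp directory plays the role of /mySecureFolder/.
$root = sys_get_temp_dir() . '/mySecureFolder_demo';
is_dir($root) || mkdir($root, 0770);
file_put_contents($root . '/asuohLAFUUHJSFUhaSGFUOAHSGUA.jpg', 'constructed bytes');
var_dump(resolve_image($index, $root, '{0E4A759A-CC31-4B0D-97E1-EEFB28F0BF86}', 101) !== null);
var_dump(resolve_image($index, $root, '{00000000-0000-0000-0000-000000000000}', 101));
```

Returning the same 404 for a missing image and for someone else's image keeps the endpoint from confirming which IDs exist.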
