Ok, desired (probably impossible?) scenario is next:
1) anyone can upload image(s) to folder
2) only admin, via web admin interface/regular, password protected admin panel can see it
I guess it is impossible, unless i store images to database directly (as BLOB type), and show them inside admin panel (which will decrease performance, i guess).
So, what i could do, a) except to place blank index file in upload folder (already done) but i guess there are ways to guess/get names of files
b) and maybe, add some .htaccess protection (what would be your advice?)
Again, uploading is a part of form (there is no registration required!), i need some way to allow only admin to see/download images, but to protect it from others, because sensitive data are in question.