I'm planning an application. The application serves a lot of images. Because I want images to be only available to those with a password and at the same time I want to avoid the hassle of htaccess and htpasswd files my plan is to store images outside the web directories and serve them using readfile.
My question is: how much of a performance difference might there be in using readfile() than having Apache serve the files directly? I just don't know enough about how Apache and PHP work to know if my plan is sensible or not.
OK. So I've done some browsing around on this site and some people do suggest using readfile() as a way of 'securely' serving images - which can now be stored outside the web root. I just have this feeling there must be other options between this and htpasswd. (Thanks for the comment below from Pekka about x-sendfile. It is just that in this case that isn't an option).
Thanks