Security measures to be taken while building photo sharing website

I am buildin开发者_JAVA技巧g a photo sharing website in php. I have almost completed it. I want to know what are the security measures we should take in storing images. I am using file system to store the images. How can I make it secure? Is there anything I can use to password protect the directories in which the images are stored?

The biggest thing is to make sure it cannot be accessed directly. The files should be stored outside of the web root and a script should be used to send the image.

This adds overhead but it will make it secure. It will also be somewhat harder to take advantage of CDNs.

Another possible solution - without overhead - consists in restricting the access to your image folder using HTTP basic access authentication. You can maintain the .htaccess and the password file with PHP accordingly with your user's credentials.

If you don't want the browser to popup for the user and password you can provide them using JavaScript.