Storing images above or below the web root?

I'm working on a web app where users can upload images which are associated with their account. I'm trying to figure out the best way to store these images in the filesystem taking into account organization 开发者_如何学JAVAand security. I'm using a JavaScript-based file uploader which has to save the images within the web root, but I'm wondering if it would be better to move the images above the web root for better security? Any thoughts on the matter would be appreciated.

From a security standpoint, you probably want to select a location where users can't see your website application images or directories when they use your image browser. So a different directory location other than your website root is a good idea. The location can be a virtual directory that points to any location on your file system, as long as you have appropriate directory security set up to read / write files through your web server.

Virtual directories can point wherever you'd like them to, and might make your backup strategies a little easier to support, if you back up all dynamic user files from time to time.