We have a bunch of client files sitting in a "uploads" folder on our Apache-based site. Although the directory itself is NOT browseable (403 forbidden - Directory Listing not allowed) ... the client has become concerned that the files themselves might be compromised somehow, .. or indexed by search engines.
Is there any way that we can apply special .htaccess rules to that uploads folder so that the files contained within it can only be downloaded using a PHP script (or something like that)? We're just looking for a way to secure those files somehow -- without having to reprogram the site so that the file uploads are stored and served up from outside the site root. Please advise.