We are running a mp3 site in which user can upload mp3 files and play those mp3 files and other user can download those files.
The problem is we are trying to store those mp3 files securely and to prevent from hacking and we are facing lot of ideas to implement security .We are having following queries and please tell us in which will be good to proceed to have security
1) Storing the uploaded mp3 files outside of document root directory and giving 644 permission for those files and calling those files by using php script for read and download.
Problem for above method : we heard that even we store the uploaded file outside of root directory, some malicious code will run and damage our server and take control of it.
If we provide 644 permission, we can't delete unwanted mp3 files.
2) Storing the uploaded files in another server and mounting it to our server.We are not sure how much security will it provide?
Please guide us to choose proper and good security method to implement mp3 file uploading,storing and download.