Currently I am storing video and images inside root directory using Apache. Yesterday however, I created a folder outside root directory and tested storing video there with below .htaccess to limit file types stored there to image and video. The .htaccess worked.
Header set Content-Disposition attachment
Header unset Content-Disposition
Header set X-Content-Type-Options nosniff
I then discovered this article that if I understand it correctly suggests it's safer to store outside root directory. But I must create image tag src=" separate php file to serve images, - instead of image or video address like I currently have". My guess is, this way keeps the image/video folder - address - hidden. Please shed some light on this for me.
1. If I store outside root directory, must I use php file instead of directory address in image tag src= attribute? That is, will just an image/video address in src= attribute work? I have not tested this.
2. If I am correct, my php page as is pings the server for every call to the database. There are multiple calls to the database on each page. Now If I add to that a php file (inside src= attribute) for every image on main page to deliver image addresses, and there will be 10 or more images, will this ping the server for each image address I seek? Assume I am building the next twitter. I want to be efficient.
3. With the above .htaccess in place, is the idea of storing outside root directory (over kill) and not worth the extra pings to the server? I read that google keeps images in a blob store. Maybe that's a clue.
Thanks for your advice.