cristian9509's avatar

Upload and retrieve Image from protected folder

I want to allow my users to upload their profile picture but I don't want all the images to be stored in the public folder. I want to have something like a storage\images folder that is not accessible by everybody.

I guess the upload part has to do with saving the path using the project base path + the storage folder I will decide on.

I understand that if an image is not in the public folder the img tag won't work.

How can I retrieve the images to be viewed by guests that search for particular users?

henrique's avatar

You can't access something outside of the public folder directly (well, OK, that's not 100% true: if you have your web root at your app root instead of /public it will work, but that's not ideal. Another option is to have a different domain (e.g. pictures.example.org) that points directly to storage/pictures, but that's a lot of work for this in my opinion (harder to deploy and configure)).

So, you will need to create a route to proxy it. Check this thread: https://laracasts.com/discuss/channels/laravel/linking-assets-outside-of-public

There I put some code for linking css and js, but it will also work for img tags and images.

cristian9509's avatar

@henrique What about storing images in the public folder and giving them some UUID name so that they cannot be linked to my users? Can something from the public/images folder be scraped if my images have some 36-char UUID plus extension?

henrique's avatar

@cristian9509 If you disable folder listing in Apache/nginx and, instead of generating the filename with a pattern (e.g. id-username), you use random chars, sure, they won't be able to find all images unless you have a page with a list of users with images, for example.

cristian9509's avatar

@henrique Thanks for reminding me about the "folder listing" options. I totally forgot about them. So, all I need is to store the images in a public/images folder, use random characters for the filename and disable folder listing, and this way there is no way those images can be accessed by anyone. By chance, does anyone have an idea how Facebook handles their image protection?

Snapey's avatar

I think I would go with the complex file name option. In Jeff's Project Flyer he uses SHA to create a hard-to-guess hash. You could also use a UUID package.

Do the math: a genuinely random UUID string is billions of billions to try before stumbling on an image (unless of course you also have billions of users).
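An added example (not code from this thread or from Laravel) that combines the two suggestions above, the proxy route and the random file name: it generates a stored name from the CSPRNG and resolves a requested name to a file inside the storage directory only. The function names `newImageName` and `resolveImage` and the temporary directory standing in for storage/images are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: a stored name with 128 random bits, not derived from user data.
function newImageName(string $extension): string
{
    if (!in_array($extension, ['jpg', 'png', 'gif'], true)) {
        throw new InvalidArgumentException('unsupported image type');
    }
    return bin2hex(random_bytes(16)) . '.' . $extension;
}

// Hypothetical helper: map a requested name to a file inside $storageDir, or null.
function resolveImage(string $storageDir, string $requested): ?string
{
    // Accept only names newImageName() could have produced: no slashes, no "..", no NUL.
    if (preg_match('/\A[0-9a-f]{32}\.(jpg|png|gif)\z/', $requested) !== 1) {
        return null;
    }
    $base = realpath($storageDir);
    $path = realpath($storageDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // realpath() follows symlinks, so confirm the result is still under the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a temporary directory stands in for storage/images.
$storage = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'storage_images_demo';
if (!is_dir($storage)) {
    mkdir($storage, 0700, true);
}
$name = newImageName('png');
file_put_contents($storage . DIRECTORY_SEPARATOR . $name, 'constructed image bytes');

var_dump(resolveImage($storage, $name));                         // the file just stored
var_dump(resolveImage($storage, '../../etc/passwd'));            // traversal-shaped request
var_dump(resolveImage($storage, str_repeat('0', 32) . '.png'));  // well-formed name never stored
```

In a Laravel route closure the resolved path can be handed to `response()->file($path)`, with `null` turned into a 404.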
