In many books, it is recommended to store uploaded files outside of root for security reasons, which makes perfect sense. But I am wondering how do you provide access to those files then? Say www is the root and I make a uploads directory one level above it, so both www and uploads are inside Apache folder. How can I display images stored inside uploads? <img src="/../uploads/asshole.png"> won't work as everything in "/../" won't be accessible. If I just return one single image, maybe I can read the file using file_get_contents or something and return it, but what if I wanna show a gallery of images.
You're right. I was confused between uploaded files that should be used/shown (party photos) and those that should be inaccessible (nude photos).