Hi I have wrote a file uploader in PHP, and I don't want people to hijack it (get direct links, download whenever they want, etc). Currently I have placed the uploaded files one directory up from the www root, and I'm hosting the files mime type in order to serve them on the fly. I'm trying to think how should I secure this website, I don't want people to get direct links,etc. Currently the links are being check with the $_SERVER['refer'] variables and it being compared to the one in my config file. Any ideas will be very appreciated! Thanks! By the way, does this file serving feature takes a lot of load from the server? if so then what are the other options? can I serve these files w/o PHP involved? lets say only by some sort of apache module or anything like that?
