Performance-oriented way to protect files on PHP level?

Question

I am looking for some input on something I have been thinking about for a long time. It is a very general problem, maybe there are solutions out there I haven\'t thought of

Answer 1

Anything sensitive should be stored in a secure area like you suggested.

if your website is located at /var/www/public_html

You put the assets outside the web accessible area in /var/www/assets PHP can call for a download or you can feed the files through PHP depending on your need.

If you kept the HTML in the CMS DB, that would leave only non-sensitive images & CSS.

If you absolutely have to turn on and off all access to all materials, I think your best bet might be symlinks. Keep -everything- in a non-web-accessible area, and sym link each folder of assets into the web area. This way, if you need to lock people out completely, just remove the symlink rather than removing all files.

I don't like it, but it is the only thing I can think of that fits your crtieria.