0

I'm planning an application. The application serves a lot of images. Because I want images to be only available to those with a password and at the same time I want to avoid the hassle of htaccess and htpasswd files my plan is to store images outside the web directories and serve them using readfile.

My question is: how much of a performance difference might there be in using readfile() than having Apache serve the files directly? I just don't know enough about how Apache and PHP work to know if my plan is sensible or not.

OK. So I've done some browsing around on this site and some people do suggest using readfile() as a way of 'securely' serving images - which can now be stored outside the web root. I just have this feeling there must be other options between this and htpasswd. (Thanks for the comment below from Pekka about x-sendfile. It is just that in this case that isn't an option).

Thanks

  • It can be expensive, as a memory-consuming PHP process has to be started for every request. If you have root access to your server, there's a middle ground, [Using X-Sendfile with Apache/PHP](http://stackoverflow.com/q/80186) – Pekka Sep 24 '13 at 13:14
  • Thanks. In this case x-sendfile is not an option as this script will be distributed and I'm trying to make it so it has as few requirements as possible. I've edited my question based on your comment –  Sep 24 '13 at 22:04
  • "as few requirements as possible" --- provide both. Use the one specified in config – zerkms Sep 24 '13 at 22:09
  • If you want to create a PHP script for redistribution, you likely have no option but to use `readfile()`, with all the memory and performance implications – Pekka Sep 25 '13 at 00:29

1 Answers1

1

The problem is i like PHP but its not the fastest programming language for such things. When you really need performance you should take a look at HipHop from Facebook to compile your files to native C.

I don't know the size of your site but readfile() and file_get_contents() could be very slow and take a lot of memory when you have a lot of requests.

But this is only possible when you have root access.

René Höhle
  • 26,716
  • 22
  • 73
  • 82
  • 2
    HipHop for this? HipHop wont run any common PHP Framework, generally it can be hard to get your code running on HipHop. would rather suggest APC but booth are not going to speed up readfile anyway. – joschua011 Sep 24 '13 at 22:32