I am developing a feature for my social networking website that allows users to upload pictures (and later videos), which other people can then view. The code currently copies the uploaded image from the temp upload directory into a /media/ directory directly under the web server document root, generating a name for it (we don’t use the original filename). The image is also stored in mongo gridfs. When a request comes in for an image file, I use htaccess to see if the file exists – if it doesn’t, then the URL is rewritten to a PHP program that retrieves the image from mongo, writes it to its filename under /media/ and redirects.

My question is about security and the relevant directory permissions on the /media directory. The permissions on the /media/ directory are such that it has to be writeable by www-data. Is there a way to achieve the same effect as what I currently have without having a world-writeable directory under my document root? I’ve read quite a few posts on SO about this kind of problem, which seem to say different (though generally non-conflicting) things, and I was hoping for a good summary of the main points I should watch out for.