I am currently working on a web project where users can create image galleries and upload pictures. Optionally they can mark pictures as private so that nobody else can look at them.
Now I am not sure how to properly implement the protection mechanism. Of course I have some ideas, but none of them seems to be optimal.
Here is one of my ideas:
Create a table for user images:
image_key (PK) | user_id | public_image (boolean)
The picture will be saved on the hard disk using the image_key and can be accessed via HTTP by a URL looking like this:
http://www.myCompany.com/images/image_key
A servlet will be mapped to the URL path images, the key will be extracted, a stream to the file on the hard disk will be opened and the picture will be streamed.
Additionally there will be a reverse proxy in front of the servlet container to provide some caching.
The issue with this solution is that my servlet would have to go to the database and check if the image with the given key is public or not.
My question:
Can this be done without hitting the database? (some fancy ideas)
Can someone provide a better solution to store and keep track of the pictures?
What would a solution look like where, besides public and private pictures, some pictures are also shared with friends only?
Please note that this question is not about storing pictures in a database or somewhere else but concerns access rights management of binary resources in a web application environment.
If the DB table is properly indexed and you're using a connection pool, then hitting the DB is cheap. I would just keep it as is. You can at most have a copy of the table in a Map in the application scope. But this may eat too much server memory. If you're using an ORM framework like JPA/Hibernate, you could also just turn the second level cache on to delegate the caching to the ORM. It will generally do its job very well.

As to the client side caching, you'd like to have a short expire time (1 hour?) and provide a doHead() in the servlet which in turn does basically just the same as doGet() but then without writing any bit to the response body. You would also like to check for If-None-Match and If-Last-Modified headers in the servlet if the client supplied them. You can find here a basic example of a servlet which does that.
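The following servlet is an added example (not from the question or the answer above, and not the linked example) that puts the pieces of the answer together: one code path for doGet() and doHead(), a per-request authorization check against the image table, and conditional-GET handling with ETag / If-None-Match and Last-Modified / If-Modified-Since. It also covers the part the thread leaves implicit: because a reverse proxy sits in front of the container, non-public images must be sent with `Cache-Control: private` (and `Vary: Cookie`), otherwise the proxy will happily serve a private picture from its cache to the next anonymous visitor. The `ImageDao`, `FriendDao`, `ImageRow`, the `userId` session attribute, the `/var/app/images` directory and the FRIENDS visibility (the question's third case, added on top of the original boolean) are all assumptions made for this example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServlet;       // jakarta.servlet.http.* on Jakarta EE 9+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class ImageServlet extends HttpServlet {

    /** Assumed visibility column; FRIENDS extends the question's public/private boolean. */
    enum Visibility { PUBLIC, PRIVATE, FRIENDS }

    /** One row of the image table (assumed DAO shape, not from the original post). */
    static final class ImageRow {
        final String imageKey; final long ownerId; final Visibility visibility;
        ImageRow(String imageKey, long ownerId, Visibility visibility) {
            this.imageKey = imageKey; this.ownerId = ownerId; this.visibility = visibility;
        }
    }
    interface ImageDao  { ImageRow find(String imageKey); }          // null when the key is unknown
    interface FriendDao { boolean areFriends(long userA, long userB); }

    private static final Pattern KEY = Pattern.compile("[A-Za-z0-9_-]{1,64}"); // whatever your key generator emits
    private static final Path IMAGE_DIR = Paths.get("/var/app/images");        // assumed storage directory
    private static final int MAX_AGE_SECONDS = 3600;                           // the "1 hour" from the answer

    private ImageDao images;   // assumed to be wired up in init() or by your DI container
    private FriendDao friends;

    @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        serve(req, resp, true);
    }
    @Override protected void doHead(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        serve(req, resp, false);   // identical headers and status, no body
    }

    private void serve(HttpServletRequest req, HttpServletResponse resp, boolean writeBody) throws IOException {
        // 1. Validate the key before it reaches the database or the file system (no "../", no empty path).
        String pathInfo = req.getPathInfo();
        String key = pathInfo == null ? "" : pathInfo.substring(1);
        if (!KEY.matcher(key).matches()) { resp.sendError(HttpServletResponse.SC_NOT_FOUND); return; }

        // 2. Authorize on every request, HEAD and conditional GET included: a 304 must not bypass this.
        HttpSession session = req.getSession(false);
        Long viewer = session == null ? null : (Long) session.getAttribute("userId"); // assumed attribute name
        ImageRow row = images.find(key);
        if (row == null || !mayView(row, viewer)) {
            // Same status for "does not exist" and "not allowed", so the key space cannot be probed.
            resp.sendError(HttpServletResponse.SC_NOT_FOUND); return;
        }
        Path file = IMAGE_DIR.resolve(key);
        if (!Files.isRegularFile(file)) { resp.sendError(HttpServletResponse.SC_NOT_FOUND); return; }

        long lastModified = Files.getLastModifiedTime(file).toMillis();
        lastModified -= lastModified % 1000;                  // HTTP dates have one-second resolution
        String etag = "\"" + key + "-" + lastModified + "\""; // validator; contains nothing secret

        // 3. Caching: only PUBLIC images may be stored by the shared cache (the reverse proxy).
        boolean shared = row.visibility == Visibility.PUBLIC;
        resp.setHeader("Cache-Control", (shared ? "public" : "private") + ", max-age=" + MAX_AGE_SECONDS);
        if (!shared) resp.setHeader("Vary", "Cookie");          // belt and braces for proxies that ignore "private"
        resp.setHeader("ETag", etag);
        resp.setDateHeader("Last-Modified", lastModified);

        // 4. Conditional request: If-None-Match takes precedence over If-Modified-Since (RFC 7232).
        String ifNoneMatch = req.getHeader("If-None-Match");
        long ifModifiedSince = req.getDateHeader("If-Modified-Since"); // -1 when absent or unparsable
        boolean notModified = ifNoneMatch != null
                ? ifNoneMatch.equals(etag)
                : (ifModifiedSince != -1 && ifModifiedSince >= lastModified);
        if (notModified) { resp.setStatus(HttpServletResponse.SC_NOT_MODIFIED); return; }

        String mime = Files.probeContentType(file);
        resp.setContentType(mime != null ? mime : "application/octet-stream");
        resp.setContentLength((int) Files.size(file));          // setContentLengthLong on Servlet 3.1+
        if (writeBody) Files.copy(file, resp.getOutputStream());
    }

    /** The access rule for the three visibilities; the owner can always see their own picture. */
    private boolean mayView(ImageRow row, Long viewer) {
        switch (row.visibility) {
            case PUBLIC:  return true;
            case PRIVATE: return viewer != null && viewer == row.ownerId;
            case FRIENDS: return viewer != null
                               && (viewer == row.ownerId || friends.areFriends(viewer, row.ownerId));
            default:      return false;
        }
    }
}
```

Two things to check once this is deployed behind the proxy: request a private image while logged in, then fetch the same URL from a fresh, unauthenticated session and confirm you get a 404 rather than a cached 200; and send a HEAD and a conditional GET for a private key without a session to confirm neither a 200 nor a 304 comes back. The `If-None-Match` comparison above handles a single strong validator only; if you expect clients or the proxy to send comma-separated lists or `*`, split the header and compare each entry.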