On a actual project (dating site) i have the following scenario:
Member can upload photos (main profile) and create albums and assign photos to it. Now the member can choose only to allow registered members, premium members or members in his favorites to access the album.
The easiest solution is to hide the album, but if someone who has access post the src url to the photo it would be accessible to everyone who has the url.
I see flickr and facebook secure them in a good way, but how i can implement that without to need to query many times the DB and replicate the user auth/session. The photos will be stored on a own server (varnish/nginx).
Has anyone a idea how this can be done in mind of high traffic and to use less resources as possible?
The solutions needs to can handle the actual 20m members and around 30m photos.