Storing/serving images securely and efficiently

What is the best practice for storing and serving images securely
hurting performance?

Is it possible to store user images in a folder that’s not web
(possibly higher up and before /www?) and serve on demand after the user
logged in to the page? There is a username and password access
already in place.

The users don’t want these images to be publicly accessible.

I am running nginx with php on Ubuntu. Database is mysql.

Thank you.

Posted at Nginx Forum: