使用php gd保护php上传/显示和cpu加载

I'm working on a web gallery and uploading a file raises a lot of security concerns.

This is what I have so far:

Uploading:

1. Check the file type (only jpg/jpeg, tiff, png are allowed)
   
2. getimagesize() (A valid image file can have php codes in it, but at least I know that it is an image)
   
3. Run CamAV virus scan on upload.
   
4. Store the image outside the web directory. Set apache so that php cannot run in the folder
   
5. Resize the image based on what I want
   

Retrieving:

1. Use GD to recreate the image via php

My question is, is there anything I missed? Also, is much cpu power (this is very vague question, but let's say I have to display 10 images per user to 100 users per sec) would the application use to retrieve an image with gd. I can test it by myself, but it would be great to hear from someone who has experience with it. Many images (over 10) will be displayed at each connection which is why this is important.

Many people are not getting the security you are trying to provide. Good work, images are a source of malware in the comment part of even a real image, so you are right it checking. GD will probably use more resources then you want. you might want to use readfile instead. Reading the mime type, set the header, then output it. That will hide it. Even that might use a lot of resources. Also look at mod_xsendfile IF you can install that, it is as fast as a file transfer and will do what you are looking to do. This will help: http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/

AD.1 Get extension from file and save as rand uniq name 736217361236123.png AD.4 Disable httacess in this dir