Probably a bit of a general question, even tho' it's specific to a certain type of website/application, but will give it a shot regardless. I'm a bit confused whether or not I should be caching my thumbnails for my current project. Normally I would, but I'm not sure about this project. I'll explain my situation better to give a better understanding.
I have a stock photo website, for celebrity, news and sport photos, that show authorised clients (newspapers & magazines) our entire library. These photos have some value and I have gone to great measures to ensure the larger photos are either hidden on Amazon S3, or above the root directory, with expiring and hashed links, so I don't want to jeopardize my photos by adding a cache when I shouldn't be or adding an incorrect cache. A typical user may search for a photo and never see it again or they might save a photo to their favorites and see it twice-daily. A user could also browse 10,000 photos in a couple of minutes.
My question is: should I have no cache at all or have a limited cache, for say, 1 hour, or 1 day? If I set a cache expiry for a photo, will that be accessible to my client on their browser, under say 'cached images'? Are there any other security issues with caching valuable photos?
I know about screen-grabbing, printing and the rule: if you don't want it stolen, don't put it on the web, but I want to do the best I can in my application for security and speed.
I'm using PHP (5.2.17) for loading images from Amazon to my client's browser using PHP's ReadFile() and IMG elements like <img src="loadImage.php?p=2342dfsfsdfwf2dfsf">.
To clarify what type of caching:
<?php
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
header("Content-Type: image/jpeg");
readfile($url);
?>
If you are extremely concerned about the security of the images, then I would say do not cache them at the expense of using more bandwidth (and a slower loading time). If you are more concerned about bandwidth usage than security, cache them.
However, if they are truly thumbnails, they should have little value to a user if they are small, of low quality, etc. One solution would be to watermark the images.
In theory, it is possible to extract images from a browser's cache (http://protechgeek.com/how-to-extract-images-from-browser-cache/), so if they are cached, they can be retrieved. Even easier, someone can screen grab as you mentioned, or right-click and copy/paste. A watermark is the only solution to this.
tl;dr
In my opinion, I would not think it's worth the extra bandwidth hit and increased loading time for a minimal security increase. Use watermarks instead. There's a reason that the majority of stock photo websites use watermarks-- they are the only way to prevent someone from outright stealing the image (even though, depending on the image and watermark, it can be removed convincingly by a skilled Photoshop user).
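The trade-off discussed above, as an added PHP example that is not code from the question or the answer: watermarked thumbnails get a short, browser-only cache with ETag revalidation, while full-size originals are sent with no-store. The function names, the 'thumb'/'full' labels and the sample bytes are assumptions; the one-hour lifetime is the figure floated in the question.

```php
<?php
// Added example: cache policy per image class for a script like loadImage.php.
// 'thumb' and 'full' are hypothetical labels; syntax stays PHP 5.2 compatible.

function build_image_response($kind, $bytes, $ifNoneMatch, $maxAge)
{
    if ($kind !== 'thumb') {
        // Full-size originals: no-store asks the browser and any proxy
        // not to keep a copy of the response at all.
        return array(200, array('Cache-Control: no-store',
                                'Content-Type: image/jpeg'), $bytes);
    }
    // Watermarked thumbnail: "private" keeps it out of shared proxy caches,
    // max-age bounds how long the browser reuses its own copy.
    $etag = '"' . md5($bytes) . '"'; // cache validator only, not a secret
    $headers = array('Cache-Control: private, max-age=' . (int) $maxAge,
                     'ETag: ' . $etag);
    if ($ifNoneMatch !== null && trim($ifNoneMatch) === $etag) {
        // Browser already holds this exact thumbnail: confirm it, send no body.
        return array(304, $headers, '');
    }
    $headers[] = 'Content-Type: image/jpeg';
    return array(200, $headers, $bytes);
}

function send_image_response($response)
{
    list($status, $headers, $body) = $response;
    header($status === 304 ? 'HTTP/1.1 304 Not Modified' : 'HTTP/1.1 200 OK');
    foreach ($headers as $line) {
        header($line);
    }
    echo $body;
}

// Constructed sample input so the policy can be inspected from the CLI.
if (PHP_SAPI === 'cli') {
    $thumb = "\xFF\xD8constructed-thumbnail-bytes\xFF\xD9";
    $first = build_image_response('thumb', $thumb, null, 3600);
    $etag  = substr($first[1][1], strlen('ETag: '));
    $again = build_image_response('thumb', $thumb, $etag, 3600);
    $full  = build_image_response('full', "\xFF\xD8constructed-original\xFF\xD9", null, 3600);
    foreach (array($first, $again, $full) as $r) {
        echo $r[0], ' ', implode(' | ', $r[1]), ' body=', strlen($r[2]), "B\n";
    }
}
```

In a web request the third argument would come from `$_SERVER['HTTP_IF_NONE_MATCH']`, after the same authorisation check that guards the uncached path, so a 304 is never returned to a client who is no longer allowed to see the image.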