Performance was a key concern while developing the plugin.
Media Vault only redirects requests for protected files and files with the
mgjp_mv_download=safeforce query argument set, so that requests for unprotected files are not affected at all.
Now, "protected files" are simply files within the Media Vault (
_mediavault) sub-directory within your WordPress uploads folder.
When you set an attachment's file access to "Protected" in the WP admin, Media Vault moves the attachment's files (preserving the folder structure) from the WordPress uploads folder where they are, into the Media Vault Protected folder (the
/_mediavault/ sub-directory) and, very importantly, updates the attachment's relevant fields in the database to reflect the move.
So Media Vault in version 0.8.10 utilizes two rewrite rules:
1. detects whether the request is for a file in the protected folder
2. detects whether the request has the Media Vault download query argument set
Only if any of the two above are true will the request be redirected to be handled by WordPress and the Media Vault file handler script.
Hope this helps, let me know if there is anything else.
I will add this to the FAQ, might get a bit technical for the desc..
Thanks for the Q.