Hi All
Forgive me if this is a stupid question but the advice for best security practice is to place the system and application folders above the web root which is no problem. One thing I can’t get my head around at the moment though is I am advised to put the Application folder out of the public domain which files do I leave in the public folder for people to access?

Any advice would be much apprectiated for an obvious newb.

Cheers

—system folder
—application folder
—secure documents
—public domain
——css
——img
——js
——downloads
——documents
——index.php

something like the above is ok. You leave css, js, images and everything that is freely accessible.
Everything that has to be secured you put above the public domain.