Best practices of security (place of index.php)

[eluser]kezman[/eluser]
I wonder what is the best practices of placing index.php in a project.
By default, it's in the root folder.
I read that it's a good practice to make an "html" folder on the same level with "application" and "system" folders and move index.php, css files, js files, image files there. Then change

Code:

$system_folder = '../system';
$application_folder = '../application';

in index.php

Is it the best practice?
If not - what is the best?
Why does the security rate increase after such changes?

[eluser]gRoberts[/eluser]
Because how CI is written, it's "harder" to extend or access code CI files unless they are loaded correctly.

This means, really, it makes no difference.

What I do however, if I can, is:

Code:

/
/htdocs
/htdocs/index.php
/system
/application

and then use, as you have:

Code:

$system_folder = '../system';
$application_folder = '../application';

This prevents anyone from accessing the files via the browser, making it a little more secure.

[eluser]kezman[/eluser]
[quote author="gRoberts" date="1337093731"]Because how CI is written, it's "harder" to

Code:

/
/htdocs
/htdocs/index.php
/system
/application

and then use, as you have:

Code:

$system_folder = '../system';
$application_folder = '../application';

This prevents anyone from accessing the files via the browser, making it a little more secure.[/quote]

Where do you store .css, .js and image files?

[eluser]craig.hoog[/eluser]

Where do you store .css, .js and image files?

These files have to be accessible to the browser, so they would go alongside the index.php file.

Code:

/
/htdocs
/htdocs/index.php
/htdocs/assets/css
/htdocs/assets/js
/system
/application

[eluser]gRoberts[/eluser]
Apologies for the delay.

As Craig said, I place everything inside an assets folder in the same folder that the index.php exists.