From 393377fd247f38d57a7324515b57fed5d84b28ff Mon Sep 17 00:00:00 2001
From: Joe Cianflone
For the best security, both the system and any application folders should be placed above web root so that they are not directly accessible via a browser. By default, .htaccess files are included in each folder to help prevent direct access, but it is best to remove them from public access entirely in case the web server configuration changes or doesn't abide by the .htaccess.
-After moving them, open your main
If you would like to keep your views public it is also possible to move the views folder out of your application folder.
+ +After moving them, open your main
One additional measure to take in production environments is to disable -- cgit v1.2.3-24-g4f1b