What’s the safest and best method to move $config['encryption_key'] out of CodeIgniter so it can’t be accessed by FTP?
And how to disable showing it in the profiler?
I’m open to ideas.
Thank you
As far as removing the encryption key from the profiler, see the section in the user guide on profiling:
http://codeigniter.com/user_guide/general/profiling.html
You can manually set the profiler sections before enabling it, or define defaults in config/profiler.php. Just set $config['config'] = FALSE; (You have to disable the entire config section).
As far as moving the encryption key somewhere else, I wouldn’t worry about it. If someone is smart enough to actually know what to do with your encryption key and has FTP access, you’re pretty much screwed anyways. I’d be more concerned with revealing your database connection details, for one.
Just make sure you change the encryption key to something new each time you install CodeIgniter,
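An added example, not part of the answer above and not CodeIgniter's own code: one way to keep the key out of application/config/config.php by reading it from the environment or from a file outside the directory the FTP account can reach, together with the profiler calls the answer refers to. The variable name APP_ENCRYPTION_KEY, the path /etc/myapp/encryption.key, the function load_encryption_key() and the 32-character minimum are assumptions made for illustration.

```php
<?php
// Added example for application/config/config.php (not CodeIgniter's own code).
// Assumed names: APP_ENCRYPTION_KEY, /etc/myapp/encryption.key, load_encryption_key().

/**
 * Return the encryption key from the environment or from a file that lives
 * outside the tree the FTP account can reach. Fails closed if neither yields
 * a usable key, so the app never runs with an empty or default key.
 */
function load_encryption_key($env_name, $key_file, $min_length = 32)
{
    $key = getenv($env_name);

    if ($key === FALSE || $key === '') {
        // Fall back to the key file; it should be readable only by the web server user.
        if (!is_file($key_file) || !is_readable($key_file)) {
            throw new RuntimeException('Encryption key is not configured');
        }
        $key = trim((string) file_get_contents($key_file));
    }

    // The message reports only the length requirement, never the key itself.
    if (strlen($key) < $min_length) {
        throw new RuntimeException('Encryption key is shorter than ' . $min_length . ' characters');
    }

    return $key;
}

$config['encryption_key'] = load_encryption_key('APP_ENCRYPTION_KEY', '/etc/myapp/encryption.key');

// In a controller, hide the config section before turning the profiler on,
// using the calls documented on the user guide's profiling page:
//
//   $this->output->set_profiler_sections(array('config' => FALSE));
//   $this->output->enable_profiler(TRUE);
```

This keeps the key out of files the FTP account can download; an account that can upload PHP into the application can still read the value at runtime, so FTP write access needs to be restricted as well.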