[eluser]GnomBrother[/eluser]
In pure php we define constants for database password and put outside www folder. We just bring it into www by "include" php function.
Here in CI, we write in database.php and database.php stays in www. Someone can download whole site by special programs and view database.php.
Is it secure to keep database passwords in database.php?