Where and how to store encryption_key out of CodeIgniter

What's safest and best method to move $config['encryption_key'] out of CodeIgniter so it can't be accessed by FTP.

And how to disable showing it in the profiler?

I'm open to ideas.

Thank you开发者_Python百科

As far as removing the encryption key from the profiler, see the section in the user guide on profiling:

http://codeigniter.com/user_guide/general/profiling.html

You can manually set the profiler sections before enabling it, or define defaults in config/profiler.php. Just set $config['config'] = FALSE; (You have to disable the entire config section).

As far as moving the encryption key somewhere else, I wouldn't worry about it. If someone is smart enough to actually know what to do with your encryption key and has FTP access, you're pretty much screwed anyways. I'd be more concerned with revealing your database connection details, for one.

Just make sure you change the encryption key to something new each time you install Codeigniter,