Increase security of CodeIgniter (Part 1)
- If you wish to increase the security of a project built with CodeIgniter, there are various ways to do so.
- Hiding the location of your CodeIgniter files: You can rename the system and application folders to something more private. To do so, first open the index.php file in the root directory of your CodeIgniter installation. Find the lines $system_path = 'system'; and $application_folder = 'application'; and edit both so they match the new names. For my project I renamed the system folder to system_secure_project_name_!231 and the application folder to application_project_name_!231, and placed both folders in a newly created path, root/my_project_secure_level!_1/secure_level_!2. The edited lines then read: $system_path = 'my_project_secure_level!_1/secure_level_!2/system_secure_project_name_!231'; and $application_folder = 'my_project_secure_level!_1/secure_level_!2/application_project_name_!231';
- Change the value of the ENVIRONMENT constant: By default, when CodeIgniter is installed the environment constant is set to 'development'. At the top of index.php in the root directory you will see: define('ENVIRONMENT', 'development'); Setting the ENVIRONMENT constant to 'development' causes all PHP errors to be rendered to the browser when they occur. This becomes a security issue once the CodeIgniter project is live, because that error output may contain sensitive information. Conversely, setting the constant to 'production' disables all error output.
- URI Security: CodeIgniter is fairly restrictive regarding which characters it allows in your URI strings, in order to help minimize the possibility that malicious data can be passed to your application. URIs may only contain the following:
  - Alpha-numeric text
  - Tilde: ~
  - Period: .
  - Colon: :
  - Underscore: _
  - Dash: -
- register_globals: During system initialization all global variables are unset, except those found in the $_GET, $_POST, and $_COOKIE arrays. The unsetting routine is effectively the same as register_globals = off.
- magic_quotes_runtime: The magic_quotes_runtime directive is turned off during system initialization so that you don't have to remove slashes when retrieving data from your database.
- Best Practices: Before accepting any data into your application, whether it be POST data from a form submission, COOKIE data, URI data, XML-RPC data, or even data from the SERVER array, you are encouraged to practice this three-step approach:
  - Filter the data as if it were tainted (XSS filtering).
  - Validate the data to ensure it conforms to the correct type, length, size, etc. (sometimes this step can replace step one).
  - Escape the data before submitting it to your database.
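The three steps above applied in a single controller method, as an added example written for this post (it is not code from the original article or from CodeIgniter itself); the controller name Register, the users table and the field names username and bio are assumptions for illustration:

```php
<?php
// Added example (not from the original post): a CodeIgniter 2.x controller
// applying the filter -> validate -> escape approach to a form submission.
// The `users` table and the field names are assumptions for illustration.
class Register extends CI_Controller {

    public function submit()
    {
        $this->load->library('form_validation');

        // Step 1: treat the input as tainted. Passing TRUE as the second
        // argument runs the Security class's xss_clean() on the value.
        $username = $this->input->post('username', TRUE);
        $bio      = $this->input->post('bio', TRUE);

        // Step 2: validate type and length. alpha_dash restricts the username
        // to letters, digits, underscore and dash, so for this field the
        // validation alone already rejects anything the XSS filter would strip.
        $this->form_validation->set_rules('username', 'Username',
            'required|alpha_dash|min_length[4]|max_length[20]');
        $this->form_validation->set_rules('bio', 'Bio', 'max_length[500]');

        if ($this->form_validation->run() === FALSE)
        {
            // validation_errors() returns the messages for the rules that failed
            show_error(validation_errors(), 400);
            return;
        }

        // Step 3: escape before the data reaches the database. With query
        // bindings the driver escapes each bound value itself; never
        // concatenate the raw strings into the SQL.
        $this->db->query(
            'INSERT INTO users (username, bio) VALUES (?, ?)',
            array($username, $bio)
        );

        // Equivalent Active Record form, which also escapes the values:
        // $this->db->insert('users', array('username' => $username, 'bio' => $bio));
    }
}
```

The validation rules read the raw $_POST data, so a value that only passes because the filter changed it is still rejected, which is the reason validation can sometimes replace the filtering step.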