And So I just finished my first php codeigniter application, and i'm going to deploy it to some server. However, I have heard it is extremely bad practice to help keep database configurations inside your document root. Does Codeigniter in some way hide the configurations in application/config/database.php or must i slowly move the entire application folder elsewhere and reference it from index.php? Thanks!

It might be bad practice if you are file is openly accessable, but it is not necessarily a bad factor by itself. For instance, WordPress (a Content management systems that forces most from the internet) stores it's database config information within the document root inside a file known as wp-config.php.

The recommendation we follow in WordPress land would be to chmod the file to 755 so that it's only readable by auth'ed customers and Apache.

sudo chmod 755 file.ext

CodeIgniter includes .htaccess files within the application/ and /system folders that deny access however it certainly is smart to move these folders from any openly accessible folders.

The CodeIgniter front controller (index.php) consists of variables for altering the applying and system folder locations.

I usually slowly move the application and system folders outdoors of docroot. By doing this, no application files are available on the internet, only the bootstrap.

Inside a default CI install, you receive this:

public_html // the docroot folder
  application
  system
  index.php

I change it out such as this:

application
system
public_html // the docroot folder
  index.php

And alter index.php for this:

$system_path = '../system';
$application_folder = '../application';