If you're running a version prior to rev-111 then your $install_location/config.cfg file might be vulnerable to viewing with a web browser. If you did not change the permission to the kontrollbase script user the the webserver might have read permissions on the file. 

This was fixed in rev-111 and above by using a totally new method of accessing database connection variables for the server scripts. They now access the CodeIgniter system/application/config/database.php file directly so there is no config.cfg file in the main folder anymore. 

Solution

1. Upgrade to the current version or revision 111 or higher.
2. If you do not want to upgrade, just run the following command – replace [user] with the user that you are using to run the bin/ scripts
   shell> chown user:user config.cfg && chmod 0400 config.cfg

config.cfg is no longer used. I'll remove that information from the documentation.

http://code.google.com/p/kontr…..tail?id=78