I would like to hear about different options to securely store a database connection string. In the past we used to hard code it but that meant that we will never be able to change it unless we were ready to recompile the hole application/system (or at least parts of it). With .NET the app.config file is an easy place to put it. It's convenient because you can change it with a simple text editor (Notepad). You don't need to recompile your application, a restart would be enough (ASP.NET doesn't even need that). However, it's not really secure because everyone can have access to it. Is there a way to encrypt the app.config or at least parts of it? I guess I could encrypt the connection string and store it in the app.config. I could include the decryption algorithm in my app but then I would need a different application to be able to decrypt the string, change it and encrypt it back into the app.config. I am really curious about what are different options here.
All the best, Eddie =================================== This list is hosted by DevelopMentor� http://www.develop.com Some .NET courses you may be interested in: Essential .NET: building applications and components with C# November 29 - December 3, in Los Angeles http://www.develop.com/courses/edotnet View archives and manage your subscription(s) at http://discuss.develop.com
