In addition to Steve's reply you might also find the following valuable -
(How To Store an Encrypted Connection String in the Registry)
http://msdn.microsoft.com/library/en...asp?frame=true
Might I add - there are mixed opinions about web apps accessing registry -
some guys think it's cool, some think it's not. My personal view is - as far
as security goes - that can be worked around in an acceptable manner - the
one issue the above mentioned link doesn't address is - registry is
SLOWWWWWWWW as a world war 2 tank !!!. (Like a WW2 tank .. it took a lot of
cra~p).
But then that can be worked around - it's easy - cache the connectionstring;
and setup a dependency similiar to FileDependecy or SqlDependency; and bingo
you just avoided the last argument against registry - performance.
- Sahil Malik
http://dotnetjunkies.com/weblog/sahilmalik
"Steve C. Orr [MVP, MCSD]" <Steve@Orr.net> wrote in message
news:eARRbil1EHA.4004@tk2msftngp13.phx.gbl...[color=blue]
> One of the best techniques is to use a trusted connection. That way you
> don't need
> to list a username or password so there is nothing to hide.
> If this is not possible, you can alternately store the username and
> password encrypted
> in the registry.
> Here's more information:
>
http://msdn.microsoft.com/library/de...itysection.asp
>
> --
> I hope this helps,
> Steve C. Orr, MCSD, MVP
>
http://Steve.Orr.net
>
>
>
> "VB Programmer" <Dont*NoSpam-Please*@jEmail.com> wrote in message
> news:e0cZmjk1EHA.3408@tk2msftngp13.phx.gbl...[color=green]
>>I have my SQL Server connectionstring in my web.config file. I'm scared
>>that someone will open the file and get my username/password. How do I
>>encrypt, then decrypt the connection string in the web.config file?
>>[/color]
>
>[/color]
Encrypting/Decrypting Connection String 
