In addition to Steve's reply you might also find the following valuable -
(How To Store an Encrypted Connection String in the Registry)
http://msdn.microsoft.com/library/en...asp?frame=true
Might I add - there are mixed opinions about web apps accessing registry -
some guys think it's cool, some think it's not. My personal view is - as far
as security goes - that can be worked around in an acceptable manner - the
one issue the above mentioned link doesn't address is - registry is
SLOWWWWWWWW as a world war 2 tank !!!. (Like a WW2 tank .. it took a lot of
cra~p).
But then that can be worked around - it's easy - cache the connectionstring;
and setup a dependency similiar to FileDependecy or SqlDependency; and bingo
you just avoided the last argument against registry - performance.
- Sahil Malik
http://dotnetjunkies.com/weblog/sahilmalik
"Steve C. Orr [MVP, MCSD]" <St***@Orr.net> wrote in message
news:eA**************@tk2msftngp13.phx.gbl...
One of the best techniques is to use a trusted connection. That way you
don't need
to list a username or password so there is nothing to hide.
If this is not possible, you can alternately store the username and
password encrypted
in the registry.
Here's more information:
http://msdn.microsoft.com/library/de...itysection.asp
--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"VB Programmer" <Do*****************@jEmail.com> wrote in message
news:e0**************@tk2msftngp13.phx.gbl...I have my SQL Server connectionstring in my web.config file. I'm scared
that someone will open the file and get my username/password. How do I
encrypt, then decrypt the connection string in the web.config file?