In addition to Steve's reply you might also find the following valuable -
(How To Store an Encrypted Connection String in the Registry)
http://msdn.microsoft.com/library/en...asp?frame=true
Might I add - there are mixed opinions about web apps accessing registry -
some guys think it's cool, some think it's not. My personal view is - as far
as security goes - that can be worked around in an acceptable manner - the
one issue the above mentioned link doesn't address is - registry is
SLOWWWWWWWW as a world war 2 tank !!!. (Like a WW2 tank .. it took a lot of
cra~p).
But then that can be worked around - it's easy - cache the connectionstring;
and setup a dependency similiar to FileDependecy or SqlDependency; and bingo
you just avoided the last argument against registry - performance.
- Sahil Malik
http://dotnetjunkies.com/weblog/sahilmalik
"Steve C. Orr [MVP, MCSD]" <> wrote in message
news:...
> One of the best techniques is to use a trusted connection. That way you
> don't need
> to list a username or password so there is nothing to hide.
> If this is not possible, you can alternately store the username and
> password encrypted
> in the registry.
> Here's more information:
> http://msdn.microsoft.com/library/de...itysection.asp
>
> --
> I hope this helps,
> Steve C. Orr, MCSD, MVP
> http://Steve.Orr.net
>
>
>
> "VB Programmer" <Dont*NoSpam-Please*@jEmail.com> wrote in message
> news:...
>>I have my SQL Server connectionstring in my web.config file. I'm scared
>>that someone will open the file and get my username/password. How do I
>>encrypt, then decrypt the connection string in the web.config file?
>>
>
>
Similar Threads
