connection string in app.config security problem

[Guest]

Dear all,
if we write the connection string in app.config, then it can be changed
easily after deploying, but the password, and user name will be exposed to
the client and posing a security problem to the sql server, any good advice
to do this

 

[Claes Bergefall]

Encrypting the string would be one solution.
Not storing it in app.config (nor in any other
easy to read location) is another one.

Both would require some kind of admin program
to change it though.

It all depends on what kind of security you need
(and what kind of users you have). Maybe it's enough
to limit write access to the file?

/claes