How can I hide my password in my C# Connection string?

Question

I have the following connection string:

Data Source=Paul-HP\\MYDB;Initial Catalog=MyMSDBSQL;Persist Security Info=True;User ID=sa;Password=password
         


        

Answer 1

First of all, don't use the "SA" account. It leaves your database wide open if someone gets the password. Use a custom account which only is allowed to do CRUD operations on a specific database.

The only way to get web.config is to hack your server. And if they have done that, you're screwed anyway.