you can encrypt your connection strings in your web.config file.
storing connection strings in a class as a property or a constant is not secure. anyone who uses a disassembler can see your connection string.
best way is the configuration encrypting.
