SqlConnection - How avoid hard coding password in config file.
Posted on 2008-06-12
I have a windows app, that I have created in VB.net. This is being deployed to a client's site, so in the properties of the SqlConnection, I am using "map property to a key in the configuration file".
However, I really dislike that the password (unencrypted) is hard coded in the configuration file.
Is there an alternative to hard coding the password?
I really like the flexibility of defining the database in the config file, but I know my client will not accept seeing their password hard coded.
Any help greatly appreciated.
HERE IS SAMPLE CONFIG FILE:
<?xml version="1.0" encoding="utf-8"?>
<!-- User application and configured property settings go here.-->
<!-- Example: <add key="settingName" value="settingValue"/> -->
<add key="SqlConnection1.ConnectionString" value="workstation id=TOM;packet size=4096;user id=sa;data source=myPC;persist security info=True;initial catalog=myDataBase;password=PWD123" />