I have a web.config file thet contains the connection string to a SQL Server 2005 database using SQL Server authentication and therefore contains the username and password stored in the web.config xml file.
The web.config is in the root of my website. Is this secure? I have a folder one level up called 'private' where stuff like access databases reside. Should the web.config be stored in there? and if so, how do I tell my aspx pages it has moved?