VB.NET Retrieving and Storing Database Credentials

I have an application I'm working on that connects to an SQL Server Express 2013 Database.  Currently, I have hard coded the connection string into a settings module.  This works, but it has draw backs.

1. If a user wants to take this program and connect to a different database, it needs to be recompiled for them.
2. I don't know how secure it is.
3. If the password on the database changes, we have to recompile...

And so on.

The first time a user uses the program, I could prompt for a connection string, username and password.  But where would/should I store that - and what would be the most secure method.  

I'm assuming there are several different ways to answer this question, and from my research it seems that no way is really fool proof.  So, any suggestions would be appreciated!

Thank you for your help!!!
LVL 1
slightlyoffAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

frankdCommented:
I store the credentials in the registry, still not the most secure, but it gets by. Then all you need to do is have a .reg file with the changes that will update the registry.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jacques Bourgeois (James Burger)PresidentCommented:
You can use the configuration mechanism in .NET (https://msdn.microsoft.com/en-us/library/vstudio/a65txexh%28v=vs.120%29.aspx), in combination with encrypting (https://msdn.microsoft.com/en-us/library/zhhddkxy%28v=vs.140%29.aspx).

Because the configuration is stored in files external to the application, you do not have to recompile. And the way the mechanism is built, a User configuration setting is automatically stored individually for each user on a given computer, so two users could have a personal ConnectionString from the same installation of the application.

When there are changes, you can simply distribute a new configuration file and copy it in the application directory, or have a form that requests the necessary informations from the user and creates a new ConnectionString on the fly.
Vitor MontalvãoMSSQL Senior EngineerCommented:
slightlyoff, you still have the issue or it's already solved?
slightlyoffAuthor Commented:
I need to look at this in more detail - but I haven't been able to revisit it since I posted.
Sorry for the delay.

Thanks for the suggestions, I am going to explore along those routes.

I appreciate your time and help!!!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Visual Basic.NET

From novice to tech pro — start learning today.