Web Config file

Hi all,
Should I put my Database Connection string in my Web Config file?
If not where is the most secure?It is not a good idea to put your connection string directly in your webconfig file.
You can encrypt it before putting it into the webconfig file.

webconfig content is not safe. Do not insert sensitive data

You can hard code your connection string in the assembly (If you assume that you won't change the connection string) as a resource.
But if its encoded then I would still have to decode it somewhere in the app every time I want to use it?

Can you tell me more about storing it in the assembly pls?
No you don't need to decode it each time you need it.
For example. You can use methods in the Global.asax file. In application_start method. Read your encoded connection string from webconfig file and decode it. Then store it in the "Application" (applicationState) variable which is common to all sessions.

Then, each time you need your decoded connection string, you just have to retrieve it from the ApplicationState variable (used in the same way than Session or Viewstate).

Concerning the included resources, I don't have used it yet, but I know it is not so hard to use. If you really want to use it. I can give you an example.

Hope It helps you
Thanks I'll look into it.
I don't agree with atoom's advice. It can be retrieved from the assembly as well as the config file. If I were to choose either of the two, I'd choose config files, rather than hardcoding the string. This way, I avoid recompiling the application when changes occur.

You can store an encrypted string in your config file and work with that.