Kalil

Kalil

  • NA
  • 2
  • 0

Setup & Connection String encoding

Feb 1 2006 2:39 AM
Hello,

I am totally new to ASP/C#/SQL and would strongly appreciate your help asap as security is a critical issue in the application I am trying to develop.
I read a lot about the need to encode the connection string and save it in web.config and for now, I just have a plain text connection string created in the code in the ASPX page.
I wonder however, if that's OK, given that the web server and application server are running on the same machine where the SQL server & database itself are also located. In that case, do I really need to hide and encode the connection string?
I guess I could use Windows authentication (I would need to set ASP.net as a valid user of SQL server?), but for now i am using SQL authentication (I need to create a SQL user with appropriate rights, that is not the sa). Is it OK to use SQL authentication?

Thanks a lot!