• When you are working with ASP.NET applications, you should always store the connection strings in Web.config file. This is very secure. No user has rights to access web.config file from the browser.
• Store the connection strings as encrypted format in the configuration file.
• Don't store the connection strings in .aspx page.
• It is not recommended to set connection strings as declarative properties of the SqlDataSource control or some other data source controls.
Asked In: Many Interviews |