To store database connection strings, you have a variety of options with different degrees of flexibility and security. Although hard coding a connection string within source code offers the best performance, file system caching ensures that the performance degradation associated with storing the string externally in the file system is negligible. The extra flexibility provided by an external connection string, which supports administrator configuration, is preferred in virtually all cases.
When you are choosing an approach for connection string storage, the two most important considerations are security and ease of configuration, closely followed by performance.
You can choose among the following locations for storing database connection strings:
- In an application configuration file; for example, Web.config for an ASP.NET Web application
- In a Universal Data Link (UDL) file (supported only by the OLE DB .NET Data Provider)
- In the Windows registry
- In a custom file
- In the COM+ catalog, by using construction strings (for serviced components only)
By using Windows authentication to access SQL Server, you can avoid storing user names and passwords in connection strings. If your security requirements demand more stringent measures, consider storing the connection strings in encrypted format.
For ASP.NET Web applications, storing the connection strings in encrypted format within the Web.config file represents a secure and configurable solution.
Note You can set the Persist Security Info named value to false in the connection string to prevent security-sensitive details, such as the password, from being returned by means of the ConnectionString property of the SqlConnection or OleDbConnection objects.
The following subsections discuss how to use the various options to store connection strings, and they present the relative advantages and disadvantages of each approach. This will allow you to make an informed choice based on your specific application scenario.
Note The Configuration Application Management block allows you to manage configuration settings-from database connections to complex hierarchical data.