Holding ConnectionString in app.config or properties.Resources of a C# project?

Question

hi I've saved my project connection string in app.config file and use it without any problem. But some one told me that she has put it in Properties.Resources of her project.

Now, my question is is there any preference between these two ways? or what else do you offer?

Thank you

Answer 1

It's better to put it in app.Config if you want to be able to change this post-deployment. If you only need it to be configurable at compile time, either option is fine. Compile-time only configuration in resources has the advantage of both hiding the configuration string, and potentially making one fewer files to deploy.

Answer 2

This has always been an interesting one to answer. It all depends on your current situation and needs.

1. Will you have to change the connection string post deploy?
2. Security considerations -> Someone might be able to get access to your database from the stored credential. (How much permissions does that credential have?, etc..)

If you want the flexibility to change connection strings easily post deploy, that maybe app.config might be easiest option.

If security is a concern, then you could look at two things.

1. Locking down permission on that credential (only give the minimum required rights for you app to work)
2. Encrypting your connection string. (Have a look at MS Enterprise Library, from memory they will store the connection string encrypted and decrypt for you)
3. Storing connection string in registry
4. Encrypting and storing connection string in registry (If it is a major concern. It about making it harder for the hacker.)