NHibernate config connection string info

Question

What's the best way to store connection string info?

I'd rather not just store the db password in NHib.config file.

Answer 1

Generally you would put a password if you are connecting to say a sql server database with a sql login unless you decide to use windows authentication.

    <connectionStrings><add name="MyDbConn1" 
       connectionString="Server=MyServer;Database=MyDb;Trusted_Connection=Yes;"/>
<add name="MyDbConn2" 
      connectionString="Initial Catalog=MyDb;Data Source=MyServer;Integrated Security=SSPI;"/>
</connectionStrings> 

You should lock down the permissions/roles for what a sql server login can do.

If you have to use a sql server style login you could encrypt the password like this..

http://stackoverflow.com/questions/1706613/encrypting-connection-string-in-web-config

or some other links..

http://www.kodyaz.com/articles/Encrypting-in-web-configuration-file.aspx

http://www.codeproject.com/KB/cs/Configuration_File.aspx

http://www.velocityreviews.com/forums/t84120-how-to-encrypt-database-password-in-web-config-file.html

EDIT:

To use a connection string from a connectionstring element in the web.config file then this shows you..

http://www.martinwilley.com/net/code/nhibernate/appconfig.html

ALTERNATIVELY

use fluentnhibernate. :)

Answer 2

Use encryption on the password and/or connection string and store the encrypted password/connection string in a config file of some sort. Then use my answer here to add the connection string value to the NHibernate Configuration object after decrypting it:

http://stackoverflow.com/questions/1984976/how-to-load-application-settings-to-nhibernate-cfg-configuration-object/1988496#1988496

Like:

nHibernateConfiguration.SetProperty( 
  NHibernate.Cfg.Environment.ConnectionString,
  Util.Decrypt(encryptedConnectionString));