I am learning how to encrypt the ConnectionString for our C# (3.5) Application. I read the .Net Framwork Developer Guide (http://msdn.microsoft.com/en-us/library/89211k9b(VS.80).aspx) about securing connection string. but not fully understand the contents.
It says "
The connection string can only be decrypted on the computer on which it was encrypted."
We have a release machine which will build our application which will generate the OurApp.exe.config and then install it to many product machines. Is that meam we have to have this encryption process separated with our application and run it at individual product machine?We may use the "
RSAProtectedConfigurationProvider
". It mentioned we needencryption key
for that provider. when and how we should provide the encryption key?
thanks,