How can I safely store and access connection string details?

Question

I\'m currently working on a ASP.NET MVC web site, and I\'ve come up to a point where I need to integrate a database into the website.

Normally I would simply add the app

Answer 1

You could store Encrypted Connection strings in cache. The Cache server is on another server on purpose (This communication can be restricted to 1 port and IP address making far harder to be hacked). This will get the connection string completely off the web server and even if a hacker gets access to the cache they are encrypted. The key is the loading of the strings into cache and that can be done remotely, so those connection strings are never written to the hard drive of the server. The code only decrypts the connection strings as needed and never holds on to those unecrypted strings in a variable.