Brian,

>I’ve been poking around the help file and can’t seem to find a straight forward answer to what I would hope is a common question. Mere Mortal reads the database connection information from the appconfig file. This is all wide out in the open in plain text for the whole world to see by default ( for those of you that cant read between the line IMHO this is a VERY bad practice). Considering that I’d like to keep my job for a few more years I’ll need to put some type of encryption on this. I don’t need anything earth shacking that would take a Cray II 200 years to crack but something better than plain English is a must. Is there a way to do this built into the framework and if so where do I find an example in the help file? If this isn’t in the help file could it be added?

I agree! As mentioned in the Dev Guide we only recommend putting connection string id's and passwords in the config file in clear text on developer machines. When you deploy you should definitely *not* store passwords in clear text. The most secure way to do this is not have ids and passwords at all. Rather than using SQL Server Authentication you can use Windows Authentication when accessing SQL Server instead (you can set the server for Mixed Mode Authentication as described in the MM .NET Dev Guide if it isn't already).

For that matter, you don't have to store connection strings in the config file at all. It's just the default option. For example, some folks store connection strings in the database. To override the default retrieval of connection strings you can create a subclass of mmDatabaseManager and override the GetConnectionString() method. You can then change your application's Factory class to instantiate your custom database manager instead. There are specific instructions for doing this in the MM .NET Dev Guide topic "The Factory Object" under the section "Overriding Factory Methods".

Best Regards,