>Hi
>yes thats how I have it now, but having the connection strings in plain text is not best practice, one of the solutions I was reading about is to put them in a database, sounds a catch 22 situation :)
web.config is not plain text at run time. You may need to encrypt it using the Configuration class. I think you can encrypt just sections of it but am not positive.
Here is a link I found by googling 'encrypting web.config .net 2.0'
http://davidhayden.com/blog/dave/archive/2005/11/17/2572.aspx