>>> It is that I wanted my application to "look" more professional in the eyes of a DBA or whoever might want to look into the application. So I am going with the approach of only encrypting the user password.
>
>Fair enough, though in that case you might consider a slightly modified MD5 hash routine rather than encryption, since that's regarded as more secure- even if they decompile your MD5 it doesn't reveal the password, unlike encryption that presumably uses a key. Also, if there is backend data, how are you storing the connection string?
Currently I store the connection string in an XML file, unencrypted. And this is on my PC while I am testing. I will ask the customer, during the deployment, if they prefer that I encrypt this XML file.
"The creative process is nothing but a series of crises." Isaac Bashevis Singer
"My experience is that as soon as people are old enough to know better, they don't know anything at all." Oscar Wilde
"If a nation values anything more than freedom, it will lose its freedom; and the irony of it is that if it is comfort or money that it values more, it will lose that too." W.Somerset Maugham