I'm writing an application page in SharePoint and I want to securely store the connection string. I've used a variety of methods before but they all seem a little "suspect". What is the recommended approach for securely storing connection strings in SharePoint?
If the answer is in the web.config, what is the recommended way for managing the values here?
I would not recommend to store any custom application settings in the web.config! Consider using a custom SPPersistedObjects as explained by Wictor Wilén in Six ways to store settings in SharePoint
If your connection string needs a username and password to the backend system then you should also think about using the Secure Store Service. It provides a secure way of storing and mapping user credentials.
Here's an example of How to encrypt the connection string in web.config in Asp.net Web Application or Site and SharePoint Web Application.
SharePoint 2010 also provides the facility of using Secure Store in which connection string can be secured - this may be a more recommended way to go.
