Build secure connection strings

[PillKilla]

Hi guys,

I need a bit of advice. I would like to store secure connection strings somewhere safe in vb.net. How can I build the secure connection strings in what situation and what would be the best??

As I have done the little research and found that the secure connection strings would be encrypted the strings and input the strings in app.config, so I would have to make a change in the app.config

To change from this unprotected app.config:

Code:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <configSections>
    </configSections>
  <appSettings>
    <add key="connectionString" value=""/>
  </appSettings>
</configuration>

to this protected app.config:

Code:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <configSections>
    </configSections>
  <appSettings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
  xmlns="http://www.w3.org/2001/04/xmlenc#">
  <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyName>Rsa Key</KeyName>
    </KeyInfo>
    <CipherData>
    <CipherValue>s82glHiIPyN0h5AtPhsifNJ/8zwG8oEcukgY/RJS4nCeyrkJzgOOxU9aN1gOYpS8E3bHXMSqqbK8Rb9yc5kp/ddVRfguYGBKLA+EBTT+KYsGmiDZb2lB6Pvs66tK18fgs9Gi9i8Lor30I5PzbMLazf5VztehppJ5IkUWAPsIvjg=</CipherValue>
    </CipherData>
  </EncryptedKey>
  </KeyInfo>
  <CipherData>
  <CipherValue>ZnyRkuxCQq3T1yUvpDZ3qOIzEtX1dqoCbv1jHbyTy6V+Ovs8rIfwkN5AWBKWo4WsMBm+GhEfVhqNa4yNoe8ZeRw8zRAVOzymXfiGo1e66VMdJO1Jo6o5/A==</CipherValue>
  </CipherData>
    </EncryptedData>
  </appSettings>
</configuration>

If I wish to get the value, I would have to use those method:

Code:

// Open the app.config file.
Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
// Display the current connection string.
CurrentConnStringTextBox.Text = config.AppSettings.Settings["connectionString"].Value.Trim().ToString();

The code have been built to a guy who known as Nick J. Fessel. I am not too sure if it very secure to use it so. Do anyone know that if the connection strings is secure or not?

If not then, please post the info for the secure connection strings without being found out or make it impossible to get crack will be much appreciate for the info.

Thanks alot!