I have started my first ASP.NET project and I must say, it is a learning experience... so this is a real basic question.

I am using a membership and roles provider for MySql (by J Snyman and adapted for MySql Net connector) and I have it up and working fine, but the password and username are exposed in the Web.config file. The implementation of the membership and roles provider in the web.config with no real code-behind, so where can I put the code to decrypt the password and user name to pass to the membership provider?

Thanks in advance for your help.

Here is my web.config:

Code:
<?xml version="1.0"?>

<configuration>
  
    <configSections>
        <sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
            <section name="cdbnet.My.MySettings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
        </sectionGroup>
    </configSections>
    <appSettings/>


  <connectionStrings>
    <clear/>
    
    <add name="SimpleProviderConnectionString" connectionString="server=localhost;User ID=PlainText_MyUserName;database=mydatabase;Password=PlainText_MyPassword;Persist Security Info=True"
    providerName="MySql.Data.MySqlClient" />
    
  </connectionStrings>

  

  <system.web>
        <!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.

            Visual Basic options:
            Set strict="true" to disallow all data type conversions 
            where data loss can occur. 
            Set explicit="true" to force declaration of all variables.
        -->
        <authorization>
              <allow roles="Basic User" />
        </authorization>
        <compilation debug="true" strict="false" explicit="true" />
        <pages>
            <namespaces>
                <clear />
                <add namespace="System" />
                <add namespace="System.Collections" />
                <add namespace="System.Collections.Specialized" />
                <add namespace="System.Configuration" />
                <add namespace="System.Text" />
                <add namespace="System.Text.RegularExpressions" />
                <add namespace="System.Web" />
                <add namespace="System.Web.Caching" />
                <add namespace="System.Web.SessionState" />
                <add namespace="System.Web.Security" />
                <add namespace="System.Web.Profile" />
                <add namespace="System.Web.UI" />
                <add namespace="System.Web.UI.WebControls" />
                <add namespace="System.Web.UI.WebControls.WebParts" />
                <add namespace="System.Web.UI.HtmlControls" />
            </namespaces>
        </pages>
        <!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
        <authentication mode="Forms" />
        <!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace. -->

           <!--<customErrors mode="Off"/>-->

    <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <!--<error statusCode="403" redirect="NoAccess.htm" />-->
            <!--<error statusCode="404" redirect="FileNotFound.htm" />-->
        </customErrors>
       
      
      <!--This is the Security section added-->
      <siteMap defaultProvider="siteMapProvider" enabled="true">

        <providers>
          <clear />
          <add name="siteMapProvider"
             type="Simple.Providers.MySQL.MysqlSiteMapProvider"
             connectionStringName="SimpleProviderConnectionString"
             applicationName="cdbnet"
             description="MySQL site map provider"
             securityTrimmingEnabled="true"/>
        </providers>
      </siteMap>
      <roleManager defaultProvider="roleProvider" enabled="true"
          cacheRolesInCookie="false" cookieName=".ASPROLES"
          cookieTimeout="7200" cookiePath="/" cookieRequireSSL="false"
          cookieSlidingExpiration="true" cookieProtection="All">
        <providers>

          <clear />
          <add name="roleProvider"
              type="Simple.Providers.MySQL.MysqlRoleProvider"
              connectionStringName="SimpleProviderConnectionString"
              applicationName="cdbnet"
              description="MySQL role provider"/>
        </providers>
      </roleManager>
      <membership defaultProvider="membershipProvider"
          userIsOnlineTimeWindow="15">
        <providers>
          <clear />

          <add name="membershipProvider"
              type="Simple.Providers.MySQL.MysqlMembershipProvider"
              connectionStringName="SimpleProviderConnectionString"
              applicationName="cdbnet"
              enablePasswordRetrieval="true"
              enablePasswordReset="true"
              requiresQuestionAndAnswer="true"
              requiresUniqueEmail="true" passwordFormat="Clear"
              minRequiredPasswordLength="6"
              minRequiredNonalphanumericCharacters="0"
              description="MySQL membership provider"/>
        </providers>
      </membership>
      <profile defaultProvider="profileProvider"
          automaticSaveEnabled="true">
        <providers>
          <clear />
          <add name="profileProvider"
              type="Simple.Providers.MySQL.MysqlProfileProvider"
              connectionStringName="SimpleProviderConnectionString"
              applicationName="cdbnet"
              description="MySQL Profile Provider"/>

        </providers>
        <properties>
          <clear />
          
        </properties>

      </profile>
      
      <webParts>
        <personalization defaultProvider="personalizationProvider">
          
          <providers>
            <clear />
            <add name="personalizationProvider" type="Simple.Providers.MySQL.MysqlPersonalizationProvider"
                 connectionStringName="SimpleProviderConnectionString" applicationName="cdbnet" description="MySQL Personalization Provider"/>
              </providers>
        
        </personalization>
      </webParts>

    </system.web>
  <applicationSettings>
    <cdbnet.My.MySettings>
      <setting name="teststring" serializeAs="String">
        <value>this is a tester</value>
      </setting>
    </cdbnet.My.MySettings>
  </applicationSettings>
</configuration>