
How to encrypt connection string without app.config

Assume that app.config is, for whatever reason, not an option.

How is it possible to store an encrypted connection string, either in the assembly itself or in another app.config-like XML file?

(I don't think it matters, but this is for a COM add-in for Excel 2003.)


This can be a good application of isolated storage.

http://msdn.microsoft.com/en-us/library/3ak841sy(VS.80).aspx


You can use the classes in the System.Security.Cryptography namespace to encrypt/decrypt a file. However, you run into another problem: where will you store the key? If you store it in the assembly, the assembly can be browsed to find the key and then someone else can use it to decrypt your data.

Do check out

http://www.codeproject.com/KB/security/encryptstrings.aspx

and

http://sharpertutorials.com/simple-string-encryption-and-decryption/


Sounds like a good use for the ProtectedData class.

http://msdn.microsoft.com/en-us/library/system.security.cryptography.protecteddata.aspx

Calling Protect and passing in a byte array containing your connection string will return a byte array of encrypted data (which can then be converted to base64 and stored in a local file).

Calling Unprotect and passing in a byte array containing the encrypted connection string will return a byte array containing the plaintext connection string. Then simply use Convert to ASCII or UTF-8 etc.

Obviously, if the attacker gains access to the user account running the app, they will be able to recover the string, but it provides a little more security than storing the encryption string in the assembly (which can allow recovery without gaining access to the user account).
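
The Protect/Unprotect round trip described in the answer above, as an added C# example that is not part of the original thread. The file name, the entropy label and the sample connection string are constructed assumptions, and the project needs a reference to System.Security.dll.

```csharp
using System;
using System.IO;
using System.Security.Cryptography; // ProtectedData (DPAPI wrapper) is in System.Security.dll
using System.Text;

static class ConnectionStringStore
{
    // Assumed label: optional entropy ties the blob to this add-in. It is not a secret key;
    // DPAPI derives the real key from the Windows user's credentials.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("ExcelAddIn.ConnectionString.v1");

    public static void Save(string path, string connectionString)
    {
        byte[] plain = Encoding.UTF8.GetBytes(connectionString);
        try
        {
            // CurrentUser scope: only the same Windows account can unprotect the blob.
            byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
            File.WriteAllText(path, Convert.ToBase64String(blob));
        }
        finally { Array.Clear(plain, 0, plain.Length); } // do not leave plaintext bytes around
    }

    // Returns null when the file is corrupt, was tampered with, or was
    // protected under a different user account or with different entropy.
    public static string Load(string path)
    {
        try
        {
            byte[] blob = Convert.FromBase64String(File.ReadAllText(path).Trim());
            byte[] plain = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
            try { return Encoding.UTF8.GetString(plain); }
            finally { Array.Clear(plain, 0, plain.Length); }
        }
        catch (FormatException) { return null; }        // not valid base64
        catch (CryptographicException) { return null; } // wrong user, wrong entropy, or modified blob
    }
}

static class Program
{
    static void Main()
    {
        string dir = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
        string path = Path.Combine(dir, "addin-conn.dat"); // constructed file name
        ConnectionStringStore.Save(path, "Server=db.example.invalid;Database=Sales;Integrated Security=SSPI;");
        Console.WriteLine(ConnectionStringStore.Load(path) ?? "could not unprotect blob");
    }
}
```

Because the blob is bound to the Windows account, it has to be written once per user on first run rather than shipped with the add-in.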
