Chapter 70. How to Store Secrets on a Machine

This has got to be one of the most frequently asked questions I get when I teach security classes: “How should I store my connection strings on the Web server?” It doesn't always take that exact form, but a lot of people out there need to store sensitive data on Web servers and other often-attacked machines. It's a tricky problem with no perfect answers.

Here's the deal. Imagine a Web server that needs a password to connect to some back-end machine running on a platform where Kerberos authentication isn't an option. The server process will need to read that password at some point, and therein lies the problem. Any data that can be read by the server process can be read by an attacker who can compromise ...
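One common way to narrow the window described above on Windows is to keep the password encrypted at rest with DPAPI, so that the plaintext only exists inside the server process that needs it. The following is an added example, not code from the book; the entropy constant, the placeholder connection string, and the decision to use the CurrentUser scope are assumptions. It uses System.Security.Cryptography.ProtectedData, which is built into the .NET Framework and available as the System.Security.Cryptography.ProtectedData package on modern .NET.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: protect a connection string at rest with DPAPI so that the
// on-disk copy (web.config, a secrets file, a backup) is an opaque blob rather
// than the plaintext password.
static class SecretStore
{
    // Optional entropy is mixed into the DPAPI key; the same value must be
    // supplied to Unprotect. Assumption: an application-chosen constant.
    private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-app-entropy");

    // Encrypts the secret under the calling account's DPAPI master key.
    // CurrentUser scope means only code running as that account (the server's
    // service identity) can later unprotect it; LocalMachine scope would let any
    // account on the box unprotect it.
    public static string Protect(string plaintext)
    {
        byte[] data = Encoding.UTF8.GetBytes(plaintext);
        byte[] protectedBytes = ProtectedData.Protect(data, Entropy, DataProtectionScope.CurrentUser);
        return Convert.ToBase64String(protectedBytes);
    }

    // Recovers the secret at runtime. Throws CryptographicException if called
    // from a different account than the one that protected the data.
    public static string Unprotect(string protectedBase64)
    {
        byte[] protectedBytes = Convert.FromBase64String(protectedBase64);
        byte[] data = ProtectedData.Unprotect(protectedBytes, Entropy, DataProtectionScope.CurrentUser);
        return Encoding.UTF8.GetString(data);
    }

    static void Main()
    {
        // Constructed sample value; the password is a placeholder.
        string connectionString = "Server=backend;Database=app;User Id=svc;Password=<placeholder>";

        string blob = Protect(connectionString);
        Console.WriteLine("Store this blob in config: " + blob);

        string recovered = Unprotect(blob);
        Console.WriteLine("Recovered at runtime: " + recovered);
    }
}
```

Run the protect step once as the service account (for example from a small setup tool), store the blob in the configuration file, and have the server call Unprotect only when it opens the back-end connection. This changes what an attacker needs: a copy of the config file or a backup no longer yields the password by itself. It does not change the limitation the chapter states, because any code that runs as the service account can call Unprotect too, so a compromise of the server process still exposes the secret; file ACLs that restrict the config to the service account, and a least-privilege identity for that process, remain the controls that limit the damage.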

Get The .NET Developer's Guide to Windows Security now with the O’Reilly learning platform.
