Normal practice is to store connection string(database, excel, etc.) of any web application in web.config file. But on security point of view placing the database connection string or any of that sort in a web.config file without encryption is not secure at all. So it is mandatory to protect the configurations like connection strings etc. […]