We have several custom C# WinForms applications that we use in-house. All of these applications connect to SQL Server databases. For all of these apps we have typically hard-coded the connection string(s) in a module or class of either the main exe or an associated DLL. My questions were as follows:
1. Are connection strings in general still the best practice for connecting to data on SQL Server from Windows desktop applications?
2. If not, what better alternatives exist to read/write data from/to SQL?
3. If connection strings are still the most modern alternative:
   a. Does having the connection strings as we do, inside compiled EXEs and DLLs, offer us protection from prying eyes? I seem to recall a way for people to glean this information using MSIL or something.
   b. What alternatives exist to encrypt or obfuscate the embedded connection string info (server, database, user name, and password) to achieve a higher level of security?
Thanks