I am developing a C# Desktop Application that connects to a SQL Server 2005 database hosted on a web server. The desktop application will be deployed on user pc's throughout the country. I am looking for a secure connection string for the code to connect to sql server 2005 through the c# desktop application. I would like to protect the database user name and password as much as possible.
Assuming that someone is sniffing the connection string through the user pc what is the best way to secure the connection string so that it is not read in plain text.
This is what I have currently put together based upon information I read on a MS web site:
Data Source=XXXXXXXX;Initial Catalog=BaseXXX;Encrypt=True;Persist Security Info=False;Trusted_Connection=sspi;" +