I'm developing a program using entity framework with WPF and using a SQL credentials on the database.
When deploying the program it produces the program.exe.config file which contains the connection string. Any user can open it and see the credentials data (SQL username & password). I searched to figure out a way to hide them or encrypt but nothing useful in my case. I found that entity using base variable to get the connection from the app.config but when I tried after many ways to pass the connection string directly an the right way I faced a problem about the provider in the connection string.
[Solved] i let the connection with app.config but with fake data for username and password . then i created a setting to store the connection string . and at the instantiating of the db entity i changing the connection property stored in the settings . so i guess that your connection is safe now .