Hi All -
Sorry if this question seems dumb, but here it is: In the data source declaration, database username, password needs to be provided, and they are in plain text! For the application, data source works fine, but I feel it is really not safe - anybody who can access the server can see the password, plus the fact that the file need to be upload to a source control repository - password becomes an open secret, if it's still a sceret :( Is there a good/generalized way to handle this (and any similar cases invloving password in xml configuration file) Thanks a lot, William _________________________________________________________________ Hotmail: Powerful Free email with security by Microsoft. http://clk.atdmt.com/GBL/go/196390710/direct/01/