This article is to give an idea how we can achieve security in web.config file, its a basic practice to store our Database connection string in web.config file. This avoids hard coding and you can always change as and when required but the problem is anybody who has access to solution can see the user name and passwords of the database and can be changed.