Production Database Access

I am about to move my nopcommerce shopping cart to production.  What is the recommended user for accessing the database?  Would Network Service user be the one to use?  What is the right database service roles for the user?

you should create an unique username and pasword for your database and keep it secret

Thank you for the reply.  A related question here.  The database connection string is stored in the ConnectionStrings.config file.  The connection string will have the password encoded in it.  Is there any way not to have password sitting in the file system?

You must have the password there, but you can encrypt it, but then you need to write some code that will decrypt it.
The most simple encryption is base64 encoding. Take a look here http://dotnetsqlinterview.wordpress.com/2008/07/20/basic-64-bit-encoding-and-decoding-in-cnet/

Anyway the client (the person who accesses the site with browser) will not be able to see the contents of the file (IIS doesn't allow to serve .config files). So the only people who can know your pass is your hosting company people. But they probably can access your database with another master user, so there is nothing to hide here.

sittsen wrote:

you could use a trusted connection. You set up a new NT user account for the shop, and then go to SQL server and set that user up there. Then change the user that the web is running under (may have to set impersonate on in the web config) This way there is no password in the script... it authenticates because windows knows that NT user running the website has permissions in db... so its more secure