I am about to move my nopcommerce shopping cart to production. What is the recommended user for accessing the database? Would Network Service user be the one to use? What is the right database service roles for the user?
you should create an unique username and pasword for your database and keep it secret
Thank you for the reply. A related question here. The database connection string is stored in the ConnectionStrings.config file. The connection string will have the password encoded in it. Is there any way not to have password sitting in the file system?
You must have the password there, but you can encrypt it, but then you need to write some code that will decrypt it.
The most simple encryption is base64 encoding. Take a look here http://dotnetsqlinterview.wordpress.com/2008/07/20/basic-64-bit-encoding-and-decoding-in-cnet/
Anyway the client (the person who accesses the site with browser) will not be able to see the contents of the file (IIS doesn't allow to serve .config files). So the only people who can know your pass is your hosting company people. But they probably can access your database with another master user, so there is nothing to hide here.