security - How to securely store database connection details

Question

In an application that needs to open a database connection, the username/password details must be sent to the database. What is the most secure way of storing, and using, this data?

Answer 1

The exact method depends on the environment, but in general, you store the credentials in a location which is only readable by the user that your application is running as. For example on Windows you would store the credentials in the registry in a location protected by an ACL so that only that user could read it. Optionally, you could use the DPAPI to encrypt the data so it was further protected. In Unix, you would store it in a file that was protected with chmod (and optionally encrypted) so that only the app could read it.