Encrypting web.config
Storing configuration settings (like connection strings) might be a security risk if e.g. someone gets access to your application using FTP. Therefore these settings should always be encrypted. It’s very easy as asp.net 2.0 decrypts it on the fly, so there is nothing you have to do for decrypting it. Just encrypt your settings and you’re done. David Hayden has a short but effective way to encrypt and also decrypt it if necessary with only some lines of code.