I'm using .Net (Visual C# specifically and MS SQL Server). I would rather not put them in a text file or any other readable file for that matter simply because I might as well just give the password to the user. For now, I think I will hard-code them into the application (it will only be used by a handful of employees, so it's not a web app or anything that will be used by the public).
I suppose that the registry would be a little better since many general users aren't going to go snooping around the registry, and they'd also have to sort of know what they were looking for. Neither is an ideal choice, but if I could find some way to store an encrypted string in the registry, that would work for the most part.
Hard-coding will work for now, but can get to be a pain if I have to change the database name and/or password sometime in the future, thus causing me to have to re-build the application and re-distribute the app to each machine. For now, I'll just create a global constant that only needs to be updated in once place in the entire application's source code (not the best idea, but the most feasible at this time).
Any other ideas? Can you store a string that is encrypted into the Windows registry?