I wanted to use the aspnet_setreg utility as described in this article: http://support.microsoft.com/default.as ... us;Q329290 to gain the security benefits of storing the username/pw in the registry. However, when I replace the username/pw fields in the NHibernate web.config field "<property name="connection.connection_string">" it gives me the following exception:
NHibernate.ADOException: cannot open connection ---> NHibernate.ADOException: Could not create connection from Driver ---> MySql.Data.MySqlClient.MySqlException: #28000Access denied for user 'registry:HKLM\SO'@'localhost' (using password: YES)

I gave read access to the ASPNET user so I'm wondering if NHibernate is trying to simply use the specified registry connection string as the username/pw which would obviously not work.

I'm wondering if I'm just being stupid and should put those username/pw fields somewhere else or if there is a better way to have connection string security with NHibernate.

Does anyone have other suggestions on how to secure the connection string in the web.config file?

I've looked at some of the suggestions in this thread:
http://forum.hibernate.org/viewtopic.php?t=952838

Well, if anyone is looking for this in the future, I've decided to dynamically build my connection string and store the registry settings in the web.config file just like the tutorial for aspnet_setreg says.