asp.net - Storing connection strings in machine.config vs storing them in web.config

Question

For a dedicated server, is it better to store the connection string in web.config or machine.config? what's the advantages and disadvantages of each approach?

Thanks

Edit: I'm concerned about security here, so, the question is about which approach is more secure.

Answer 1

I would always go with web.config on the grounds that that is where everyone would expect it to be. There is no point in giving the person that has to maintain the web site any more difficulty by storing connection strings in an unusual place.

ADDITIONAL

Based on the additional information that the OP is interested in the security aspect, rather than and general reason I've added the following.

I still wouldn't store connection strings in the machine.config. If you do that any .NET application running on the machine has access to your connection strings.

web.config is a protected file. IIS won't serve it up by default unless you do something to misconfigure it.