I am responding to this in order to solve a security issue for a local application, like what looks like an OP situation, although other answers view it as a web application.
If one database is shared by several users with different security problems, as I suspect, then you really should not store the connection string to the database locally, in code, in the config, encrypted in the config, etc. Customer should not have this information. This is the only way to truly guarantee client-side security.
A specific person can simply reverse engineer your code and decrypt the connection details. Also, if they use something like .NET Reflector, debug your code, they can use reflection to pull the connection string, including the password, from the connection object. Then itβs trivial for them to connect directly to your database and extract any information they want. Of course, you may have an IP whitelist, but if one of these users is bad, you still have the same problem.
My recommendation is that you create a web service that will manage your database. The software that your end users use is simply authenticated using a web service using your user credentials and then uses this to access the resources that they are allowed to. This is the number of modern applications.
If each user has his own database, you can simply save the connection string encrypted locally, as this will be enough to prevent most problems, with the exception of malicious people who have access to the user's machine.
Obviously, as Vladimir said, you can take this as a general solution (encrypt it in the config and hope for the best), but I really do not recommend this if any security is required. For example, if you store user passwords in a database - even in hashed form - this is not a safe idea. The risk that you will run using this method for everyone is that someone can steal all your data or erase all your data or even manipulate the data to your advantage.