A friend of a friend asked
"When .NET code is compiled a program called Reflector can be used to decompile the binary file in to its original code. I understand there are tools called Obfuscators that will make the code harder to read, but it can still be decompiled and read in plain text. The problem with obfuscation is that any database username and passwords in the code are still readable as plain text. Is there anyway to stop this problem?"
This is a big old topic (the "do you really need to store the username and password in the code" is a good place to start) - but it also points out a common misconception about .NET code and obfuscation. Many folks assume that the free obfuscator we ship in the box
A good place to start is the howtoguide from August 2005 which includes a great comparison table (As this is a few years old, do check the specifics of each tool at their site as things will have changed).
If anyone has a more recent comparison, please do share. Thanks.