This is about Sharepoint 2013 Web application, one app has forms auth and other is windows .
The connection string in Web.config only '%' as value But when I open IIS and open configuration section I can see both connection strings in plain text .
Now how can I assure that the developer has done the encryption on both of the connection strings ? how to verify ?