This question is to establish best practice.
I am building a web application with php 5.3 and MS SQL Server 2012.
My question is what is the best most secure way to have the front end app call the procedures in the DB.
1. Do i create a windows account and give that windows user rights to the appropriate DB.
2. Do I create a SQL user and give proper rights
3. Is there another way maybe that I am not aware of.
Site Application will be dealing with money so best security is a must.
User login will be needed to get into site as well.. to do certain things. Not sure if this matters but wanted to make that point.
Any links or advice as what is most secure and the best industry practice would be great!
Thanks for your help in advance.