Leo Torres
asked on
Web site connection
This question is to establish best practice.
I am building a web application with php 5.3 and MS SQL Server 2012.
My question is what is the best most secure way to have the front end app call the procedures in the DB.
1. Do i create a windows account and give that windows user rights to the appropriate DB.
2. Do I create a SQL user and give proper rights
3. Is there another way maybe that I am not aware of.
Site Application will be dealing with money so best security is a must.
User login will be needed to get into site as well.. to do certain things. Not sure if this matters but wanted to make that point.
Any links or advice as what is most secure and the best industry practice would be great!
Thanks for your help in advance.
I am building a web application with php 5.3 and MS SQL Server 2012.
My question is what is the best most secure way to have the front end app call the procedures in the DB.
1. Do i create a windows account and give that windows user rights to the appropriate DB.
2. Do I create a SQL user and give proper rights
3. Is there another way maybe that I am not aware of.
Site Application will be dealing with money so best security is a must.
User login will be needed to get into site as well.. to do certain things. Not sure if this matters but wanted to make that point.
Any links or advice as what is most secure and the best industry practice would be great!
Thanks for your help in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Elvin,
when you say "You must do them on the server side"
is this in the php code or in the DB procedure code?
or which do you recommend?
when you say "You must do them on the server side"
is this in the php code or in the DB procedure code?
or which do you recommend?
ASKER