<div>
Elvin,<br />
<br />
when you say &quot;You must do them on the server side&quot;<br />
<br />
is this in the php code or in the DB procedure code?<br />
<br />
or which do you recommend?
</div>


Elvin,

when you say "You must do them on the server side"

is this in the php code or in the DB procedure code?

or which do you recommend?

<div>
<div class="content wysiwyg-content">
This question is to establish best practice. <br />
<br />
I am building a web application with php 5.3 and MS SQL Server 2012.<br />
<br />
My question is what is the best most secure way to have the front end app call the procedures in the DB.<br />
<br />
1. Do i create a windows account and give that windows user rights to the appropriate DB.<br />
<br />
2. Do I create a SQL user and give proper rights<br />
<br />
3. Is there another way maybe that I am not aware of.<br />
<br />
<br />
Site Application will be dealing with money so best security is a must. <br />
<br />
User login will be needed to get into site as well.. to do certain things. Not sure if this matters but wanted to make that point.<br />
<br />
Any links or advice as what is most secure and the best industry practice would be great!<br />
<br />
Thanks for your help in advance.
</div>
</div>


This question is to establish best practice. 

I am building a web application with php 5.3 and MS SQL Server 2012.

My question is what is the best most secure way to have the front end app call the procedures in the DB.

1. Do i create a windows account and give that windows user rights to the appropriate DB.

2. Do I create a SQL user and give proper rights

3. Is there another way maybe that I am not aware of.


Site Application will be dealing with money so best security is a must. 

User login will be needed to get into site as well.. to do certain things. Not sure if this matters but wanted to make that point.

Any links or advice as what is most secure and the best industry practice would be great!

Thanks for your help in advance.

Web site connection

Microsoft SQL Server is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.SQL Server is available in multiple versions, typically identified by release year, and versions are subdivided into editions to distinguish between product functionality. Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning.

Microsoft SQL Server

Web development software is used to create websites for both the Internet and intranets. Software can be either locally installed or operated through a cloud interface, and ranges in complexity from simple text editors to full-fledged integrated development environments (IDEs) that include graphics, video, audio, scripting and database support.

Web Development Software

PHP is a widely-used server-side scripting language especially suited for web development, powering tens of millions of sites from Facebook to personal WordPress blogs. PHP is often paired with the MySQL relational database, but includes support for most other mainstream databases. By utilizing different Server APIs, PHP can work on many different web servers as a server-side scripting language.