Sql server security principles

If I have a website that uses a sa account for SQL authenticatio开发者_运维百科n, this will be very bad idea, because with any SQL injection attempt, everyone can destroy database or steal credit cards.

Is there another risk rather than SQL injection?

What will be the user when you use Windows authentication?

Thank you for your time

Using the SA account is bad, really bad but I would say that using the SA account does not make you for likely to get “hacked” however if they do then you are in for a world of pain as they will have the top level of access and be able to really mess things up!

Also if the developer is stupid enough to think that using SA is a good security model then you can have a good bet that other areas of his/her security thinking will be equally bad. In short get it changed and start looking through the code for the classic rookie SQL mistakes