I don't know how to answer your question, but I can share my similar experience with you.
2 years ago I was working on a Java applet project, the database is Sybase. As the java bytecode is not a pure-compiled code, it's unsafe to put the userid and password of the database in the java code. But with JDBC you have to.
The final solution is I set a privillege protection on the database with carefully designed mechanism. I use table privillege and stored procedure.
In that case, even someone get the userid and password, he still cannot access the protected data in the database.
2 years ago I was working on a Java applet project, the database is Sybase. As the java bytecode is not a pure-compiled code, it's unsafe to put the userid and password of the database in the java code. But with JDBC you have to.
The final solution is I set a privillege protection on the database with carefully designed mechanism. I use table privillege and stored procedure.
In that case, even someone get the userid and password, he still cannot access the protected data in the database.