I generally will not store database information in the application. Instead, I would create an API for the database on the website, perhaps using a RESTful interface or with queries that return data in the appropriate format, such as JSON, XML, or even plain text. The application can then call these web services and process the results. All information about your database remains on the server, where it (hopefully) is protected.