This is an extremely (potentially) dangerous option to even consider. Depends on many things: What language are you using for the server side? How efficient and skilled are you with security in that language? What DB / RDBMS are you going to be using? Why do you think you need to allow a user to access your DB engine?