If one must directly access the database from a client application, the right way is to make sure each user has a unique, secure database credential with only the minimal permissions necessary. However, direct database access is still a terrible idea in most cases, as it takes a lot of work to prevent a resource starvation attack.
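The setup described above, as an added example that is not part of the original text: one login role per user, minimal grants, and the per-role limits that bound resource use. It assumes PostgreSQL; the database `appdb`, schema `app`, table `app.orders` with an `owner_name` column, and the user `alice` are hypothetical names.

```sql
-- Added example. Assumes PostgreSQL; appdb, app, app.orders, owner_name and
-- alice are hypothetical names chosen for illustration.

-- 1. Remove the default privileges every role inherits through PUBLIC.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;

-- 2. A group role that carries the minimal permissions and cannot log in.
CREATE ROLE app_client NOLOGIN;
GRANT CONNECT ON DATABASE appdb TO app_client;
GRANT USAGE ON SCHEMA app TO app_client;
GRANT SELECT, INSERT ON app.orders TO app_client;  -- no UPDATE, DELETE or DDL

-- 3. One login role per user, never a credential shared by all clients.
--    CONNECTION LIMIT is enforced by the server and cannot be raised by
--    the user, so it caps how many backends one account can occupy.
CREATE ROLE alice LOGIN
    NOSUPERUSER NOCREATEDB NOCREATEROLE
    PASSWORD 'REPLACE_WITH_GENERATED_SECRET'  -- placeholder, unique per user
    CONNECTION LIMIT 2
    IN ROLE app_client;

-- 4. Restrict each user to their own rows, because table-level grants
--    alone would let every client read every other user's data.
ALTER TABLE app.orders ENABLE ROW LEVEL SECURITY;
CREATE POLICY orders_owner ON app.orders
    FOR ALL TO app_client
    USING (owner_name = current_user)
    WITH CHECK (owner_name = current_user);

-- 5. Per-role limits against runaway queries and held locks.
--    These are session defaults: a client with direct SQL access can
--    change them with SET, so they stop accidents rather than a
--    determined user. That gap is part of why preventing resource
--    starvation over direct access is so much work.
ALTER ROLE alice SET statement_timeout = '5s';
ALTER ROLE alice SET lock_timeout = '2s';
ALTER ROLE alice SET idle_in_transaction_session_timeout = '10s';
ALTER ROLE alice SET work_mem = '4MB';
```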