Would it be a bad idea to develop a desktop application that directly accesses the SQL server?

Question

I want to install a desktop application (on many stations - about 10-20) should access the SQL Server directly, no Services, and no server-DALs.

The application will be installed on a local network on about 10 machines, while one of them is a server. When I will install the program I will set the connection string, and the applications will talk directly to the SQL server.

Is this a bad idea?

If yes, then how bad?

Answer 1

It is not necessarily a bad idea. If you won't need to scale then it's a valid approach.

What you are describing is often called a 2-tier client-server architecture.

You should probably encrypt the connection string in the config file (but this will only stop prying eyes, not someone intent on recovering your password). The other option is to use Windows authentication via a trusted connection, but you do lose the ability to connection pool, but that should not be an issue with 10 - 50 clients (ballpark).