First of all, I know this has been asked a few times now, and I have done lots of research on the subject, but I can't seem to find a definitive answer. I am either missing something vital here or this isn't possible and I'm just wasting your time. Here goes:
Imagine a database, which stores let's say only a 1000 rows, consisting of an id, a boolean value (0 or 1) that must be at some point changed and a constant string value with some information. The information can be accessed and the value may be changed ONLY if the user has commited a required action in the client java app. That only there is vital.
During my world-wide-web search, I came across two options that could suit my needs.
Set permission for each user on the database itself, and have users log in from the app using their own username and password. The client app can then communicate with the database as the user wishes, performing the tasks of reading and writing to the database as required.
Use the three-tier approach, having the java app communicate with a PHP interface that executes the query and returns an encoded json string of a sorts, which the java app can parse. I get the basic concept, you send the username and password of the client to the PHP interface which checks if the client is eligible and executes the query accordingly. No biggie.
What I can't seem to figure out is how to let only the java client change and retrieve the data. For example, should someone want to know what the contents of the strings are in approach 1, they could simply use their username and password and query the database directly. The queries are easy enough to get from the java app after decompililng. As for #2, if the app is decompiled, the PHP interface can also be reverse-engineered, allowing a user to query the database by exploiting the PHP script, even without knowing the actual password and username for the database.
I have to point out that the users are not trusted at all, and the contents of the database should remain a secret until certain conditions are met in the java app. Is there a way to acomplish that? And if there is a way I am unaware of, I am most certainly not stuck on these two options. Thank you for all your help in advance.