About Question 2.

I think it depends on the sensitivity of the data, the network connection between the server and the client, and the rollout schema of the clients.

• Sensitive data: I’d go with a client – server – DB solution for this one for sure. You can then implement https connections with possibly client-side certificates or card readers.
• Network connection: You don’t want to expose a DB to the internet. Ever. But if it’s an internal application, only accessible from a protected company network, and the data is not sensitive a direct DB connection is feasible. Do handle row locking or transaction handling correctly otherwise your users won’t be happy 🙂
• Rollout schema: If the application is actively developed there’s a fair chance that the database schema changes with it, forcing clients to update. With an intermediate server speaking, for example, SOAP/XML, you decouple database schema from data requests and you have more room to upgrade/change the database without updating all the clients.

I’d personally go for an intermediate server, as it is way simpler to maintain and optimize. There are good solutions in both Python and Java which allow you to quickly create SOAP/XML servers with database access. You can then define XML messages based on what’s needed in a certain screen, with appropriate locks, and no regard (ehm) for the database schema. It decouples the database model from the MVC model in the client and allows the client to be relatively clean.