You cannot "secure it". There is no such thing as miracle. You are not controlling the access to the database, your customer does, because "desktop application" normally means the it is used on the customer hardware, not yours (which would be a case if it was Software as a Service, for example). You either give your user the access or not. Isn't that logical? And now, one big and important general advice: if someone suggests you don't buy the idea of using
security through obscurity. Better, read about it:
http://en.wikipedia.org/wiki/Security_through_obscurity[
^].
—SA