posted 6 years ago
This depends on how strong you want the coupling to be between the second application and the database. A direct SQL login is efficient, but it requires the second application to know details about the database schema. Additionally, it may require firewall privileges to get to the database. And it's definitely not recommended for desktop apps - that's basically the root of the infamous Microsoft SQL Server "Slammer" attack.
If you want less coupling and more flexibility, you can provide an API either as a third application or as an addition to the first application. It's more overhead, but it's more likely to be change-sensitive (if properly maintained) and generally it's going to be more secure.
Often the most important part of the news is what they didn't tell.