>>
>>Sounds reasonable to me. One thing you might also want to consider supporting is integrated authentication (eg. no username/password is passed, it authenticates using the current users credentials).
>
>How do I know what the current users credentials are?
You don't have to - when your application attempts to connect to the server w/int. auth. enabled in the connection string, SQL Server will automatically try to use the account the application is running under.