I am building a Java chat application based on Java Secure Sockets and JavaFX, and I use a Derby database on the server side to record the members in the database.

My question is: how do I make a secure connection between the client-side applet and the server side, instead of a direct connection to the remote database from the client side to the server side?

I had an idea to use a Servlet as a remote API, call it from the client side, and tell it the command to run on the remote database on the server?

Is this method safe and secure? I am worried that bad people may try to fetch the API URL, call it improperly, and add wrong records to the database without needing to log in to the client-side application, and try to hack the database. So how do I secure myself against this? Note that the client-side application may be installed on many computers, so don't tell me to secure the API by restricting the remote IPs that are able to connect via the API :)

And if there are any other, more secure methods, please tell me.

Thank you.