As frob said, you don't want to connect directly to the database from the client app. You will want to have a server with some sort of REST api that restricts what actions the client can do to the database. Not only is this more secure, but it is better design as well. By hiding the database behind an API your client side app does not need to be concerned with the structure of the database.
If your app connects directly to the database there is absolutely nothing you could do to keep hackers from doing the same. The best think you could do is create a database user with restricted permissions so they aren't allowed to drop tables or do other really damaging things. However, even with restricted permissions attackers could read any information from tables to get other users information as well as change or possibly delete it.
The best way to protect users at login is to establish an ssl connection with your server then send the username and password over that secure connection. Then have the server code do the authentication against the database. Another important thing you should keep in mind is that you should never store users passwords in the database in plain text. Instead you should do a one way hash of the passwords with some salt. This article describes how to do this.
Secure Salted Passwords