A little background information:

I'm in a class called senior project, which is a 15 week IT solution for a real company.
The project i'm working on is a secure web page for a "middle man" loan company which allows third party credit companies to bid on loan applications. For this project my thought was to have an admin. login on the server (hosting outside of the company) to allow the basics: adding, deleting, changing records ect... One of my teammates suggested that we write a client application which would connect to the database to allow these functions. He felt that by having the admin access restricted to the company's computer with this application would provide better security. I felt we should focus our efforts on creating a secure login on the server itself rather than an application outside of the server.

any thoughts or suggestions?