Hi,
Yes, the problem is precisely that: applets, barring additional
permissions, are only allowed to open network connections to their
originating machine (the machine their code is downloaded from). The
"proper" solution is to sign the applet, but that opens many evil
cans of worms (you actually have to sign something like three times,
once for Netscape, once for IE, and once for the Java plugin), and
then use the three different APIs to request the required additional
permissions, etc. etc.. Don't go there. I'd say the best way of doing
this is to set up port forwarding from the web server to the database
server, then have the applet connect to the web server and access the
database through the forward. Also, I must inform you that if this is
intended for public use, what you've done is a bad idea: the applet
should *almost* *never* connect directly to the database in a public
system. See, someone could easily download your applet and pull a
username and password out for the database. Once this is done, they
can log into the database directly. In general, the database's access
control system doesn't provide the level of control necessary to make
this "not a problem". A better solution is usually to use servlets to
talk to the database and have the applet talk to the servlets. The
applet and servlets could send (for example) XML back and forth. This
also means there's less chance of somebody not being able to connect
because they're behind a firewall which doesn't allow outbound
connections to the database at your site. Using the servlet method,
the applet only needs to be able to access Web (which is obviously
already possible, since the user downloaded the applet).

Anyway, those are my two cents.
Chris