Hi Sean,
You have mentioned some options which usually aren't really secured well. In many cases read permissions are granted, having the database open for all queries; also very sensitive data. Using connections at least via the AX AOS, you will have better security. You haven't mentioned the details related to the queries and reports. A viable option might be creating reports within AX2012 or using Management reporter.
Can you share more details about your requirements?