You could create some kind of INI file, in which you put the user, password and connect string encrypted.
Then your ERP_LOGIN form could read this file, decrypt the data, and use the logon built-in to connect to the database. This database user should be a user with just read privileges on some security-related tables, against which you will validate the login credentials provided by the user. Then you could use the logout and logon built-ins to re-connect to the database with the appropriate user.
See Forms help for information on how to use the logout and logon built-in procedures.