You're right there, but I never mentioned an OS. The server (see above^) will just run on XP. It's going to be a plain socket server. Please correct me if this is the wrong approach..!

About the database, it will basically store all the clients' information, i.e. username, password, email. So it needs to be really reliable and secure.
Only the server will directly access the database, so the clients access it indirectly.