You can assign network logins to the specific application pools. Custom logins other than the defaults typically have little or no access on the local machine and can be granted targeted access to the functions required on SQL Server. APP level security grant the specific user targeted access only what it is you want to grant: they don't have the access anywhere else.
None of this access is granted via SQL logins - this all can (and should) be windows auth.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?