I'm not a DBA and need to properly manage our databases and security. For the most part this hasn't been really difficult or concerning until now. We have an online ordering system where we send the customer a link that allows them to order their product allocation; they place their order and the transactions occur in the backend.
We have a contracted programmer who wants to allow customers to log in to our DB so they can manage their account info and view their orders, by putting a login button on our website. I'm concerned about security and might consider security testing to validate the safety of this proposed idea once we are ready to publish the link.
Right now I'm not really comfortable about it and am concerned about SQL injection or other security threats.
What should I consider?