This is our setup. Users have mobile devices with our software on. They load products from the database (on our server behind a firewall) via web service also on our server and behind a firewall - separate server though. They select the products they want to order and quantity. This is sent as xml via web service to database and processed.
Now what I would like to know if how secure is this? what can be done, if any, to improve security?