In the query below used in a public app, would the user be able to inspect the queries / code and be able to find out the
job.client_id or the
SELECT client.first_name, job.project_name, job.status_id, job_status.display_name, job.portal_id as jpid FROM client LEFT JOIN job ON job.client_id=client.id LEFT JOIN job_status ON job_status.id=job.status_id WHERE client.portal_id = '2d978d4a-1fe9-408c-b338-64a71cc5b5aa'
I've grabbed the proxy request from the browser inspector and don't think it's exposed, but would be great to hear someone's input who understands the inner workings of queries. I'm trying to get an understanding how they are proxied, what's exposed to users who dig around, and what isn't.