Public app query - are inner join IDs exposed to user?

In the query below used in a public app, would the user be able to inspect the queries / code and be able to find out the job.client_id or the

SELECT client.first_name, job.project_name, job.status_id, job_status.display_name, job.portal_id as jpid
FROM client
LEFT JOIN job_status ON
WHERE client.portal_id = '2d978d4a-1fe9-408c-b338-64a71cc5b5aa'

I've grabbed the proxy request from the browser inspector and don't think it's exposed, but would be great to hear someone's input who understands the inner workings of queries. I'm trying to get an understanding how they are proxied, what's exposed to users who dig around, and what isn't.


Hey @DavidS!

The response sent to your browser should just be the result of the query itself, since those columns aren't actually returned in the result they won't be visible by the end user.

Hi @Kabirdas

Great, thanks.