In the query below used in a public app, would the user be able to inspect the queries / code and be able to find out the job.client_id
or the client.id
?
SELECT client.first_name, job.project_name, job.status_id, job_status.display_name, job.portal_id as jpid
FROM client
LEFT JOIN job ON job.client_id=client.id
LEFT JOIN job_status ON job_status.id=job.status_id
WHERE client.portal_id = '2d978d4a-1fe9-408c-b338-64a71cc5b5aa'
I've grabbed the proxy request from the browser inspector and don't think it's exposed, but would be great to hear someone's input who understands the inner workings of queries. I'm trying to get an understanding how they are proxied, what's exposed to users who dig around, and what isn't.
Thanks