
SQL injection using URL parameters

02-21-2026 09:32 AM
vijaybadugu
Frequent Contributor

I have a security concern about public-facing Experience Builder applications. I was planning to use the data_filter parameter to filter the data source with a query expression. However, when I changed it to a different expression, it also executes and returns features as expected behavior. A user can also go to the network tab, grab that URL, and play with it. I have also restricted some sensitive information from being seen. We can restrict this by using a proxy or server-based APIs to allow certain URLs with a few parameter patterns, and also by using API keys. Is there any way to restrict SQL injection at the service level or server level?

0 Replies
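
The proxy-side allow-listing of parameter patterns that the post mentions can be written as a deny-by-default check; this is an added example, not part of the original post and not Esri code. The field names, the data source id `dataSource_1`, and the `<dataSourceId>:<expression>` layout of `data_filter` are assumptions made for illustration.

```javascript
// Added example, not Esri code. Field names, data source id, and the
// "<dataSourceId>:<expression>" layout of data_filter are assumptions.
const ALLOWED_SOURCES = new Set(["dataSource_1"]);

// Fields a public user may filter on, and the literal each one accepts.
const ALLOWED_FIELDS = new Map([
  ["STATUS", { quoted: true, re: /^(Open|Closed|Pending)$/ }],
  ["REGION", { quoted: true, re: /^[A-Za-z][A-Za-z ]{0,30}$/ }],
  ["YEAR", { quoted: false, re: /^(19|20)\d{2}$/ }],
]);

// Exactly one comparison: FIELD = 'text' or FIELD = 123. Anything carrying
// OR/AND, functions, comments, or subqueries fails to match.
const CLAUSE = /^([A-Z_][A-Z0-9_]*)\s*=\s*(?:'([^']*)'|(\d+))$/;

function reject(reason) {
  return { ok: false, reason };
}

function validateDataFilter(requestUrl) {
  const values = new URL(requestUrl).searchParams.getAll("data_filter");
  if (values.length !== 1) return reject("expected exactly one data_filter");

  const sep = values[0].indexOf(":");
  if (sep < 0) return reject("missing data source id");
  if (!ALLOWED_SOURCES.has(values[0].slice(0, sep))) {
    return reject("data source not allowed");
  }

  const m = CLAUSE.exec(values[0].slice(sep + 1).trim());
  if (!m) return reject("expression shape not allowed");

  const [, field, text, number] = m;
  const rule = ALLOWED_FIELDS.get(field);
  if (!rule) return reject("field not allowed");

  const quoted = text !== undefined;
  const literal = quoted ? text : number;
  if (quoted !== rule.quoted || !rule.re.test(literal)) {
    return reject("value not allowed");
  }

  // Forward a clause rebuilt from validated parts, never the caller's text.
  const where = quoted ? `${field} = '${literal}'` : `${field} = ${literal}`;
  return { ok: true, where };
}
```

A check like this only constrains requests that pass through the proxy, so it is effective only when the underlying service cannot be reached directly by the client.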