I have a website that allows the public to upload data to a feature class, including their name, phone and email. This means that my service isn't secured. When I display the record on the map, I hide that private info to the public, and require a password for the appropriate person to view that information in a separate dialog. However, separating out the private info with a password doesn't really make sense when anybody with a little SQL knowledge could go into the REST API and query the info anyway.
I thought about creating a service that only included non-sensitive info for the user to interact with and another secured for the person in our organization to see the sensitive info, but then the users would not be able to enter their personal info as the public facing service doesn't support those fields anymore.
Is there an efficient way to handle sensitive information like this? Thanks!