Question related to privacy and security, if someone can help it would be much appreciated
I have a privacy rule where where “everyone else” can view some data.
For example the datatype is “company”, and the fields checked as “everyone can see” are “company_name”, “company_industry”, etc…
I unchecked “find this in search”
I have a page on my app where content-type is this datatype (company)
As far as I understand, user accessing this page with the correct link (meaning displaying the datatype unique ID, So for example : mybubbleapp.io/company/123456789x987654321)
will be able to see the data needed (company_name value of this company, company_industry value of this company).
And an attaquant could not retrieve any other data from other company as they could not search for it. Is it correct ? Is there anything else to pay attention for ?