I have a publicly visible data type CODES which contains thousands of unique purchase codes.
First time users who bought access to my app need to provide a unique purchase code, and the app will search through CODES to see if the code is valid, before creating an account for the user.
I can’t seem to restrict privacy on CODES, as the user account is not created yet.
The page contains the only workflow to search through CODES.
Is this secure? Or prone to hacking? Can anyone somehow read my table of CODES since it’s “publicly visible”?