Are global workflow parameters private?

I want to use a global workflow to send data to a Supabase table. Since the Supabase plugin runs on the WeWeb server, the data remains private, so the end-user cannot see or inspect it through the browser.

However, if I use a global workflow, will the data passed to it still remain private?

The end user can still inspect everything about your Supabase setup; the only thing WeWeb doesn’t publish is your service role key. When you publish your project, it does not go through WeWeb servers.

And yes, they can look at the traffic for any request done in any workflow. :smile:

Nothing is private on the front-end

Every piece of data I send to Supabase is PUBLIC?? :astonished::astonished::astonished:
How can I prevent that?

@Micah
@Broberto
@Joyce

You need to have RLS within Supabase. :smile: Otherwise, yes.

Supabase is not a front end :skull: As Micah said, use RLS and u good.
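
The RLS setup recommended in the replies above, as an added example that is not part of the original thread or of WeWeb's or Supabase's own code. The table `public.notes`, its columns and the policy names are assumptions made for illustration; `auth.uid()` and the `authenticated` role are the ones Supabase provides.

```sql
-- Hypothetical table for illustration. user_id records which signed-in
-- user owns each row.
create table public.notes (
  id         bigint generated always as identity primary key,
  user_id    uuid not null default auth.uid() references auth.users (id),
  body       text not null,
  created_at timestamptz not null default now()
);

-- With RLS off, the table is reachable through the API by anyone holding
-- the project's public key, which ships to every browser.
alter table public.notes enable row level security;

-- Weak setting, shown for contrast only: RLS is on, but the policy matches
-- every row, so nothing is actually restricted.
--   create policy "read everything" on public.notes
--     for select using (true);

-- Corrected: a signed-in user can read only rows they own.
create policy "read own notes" on public.notes
  for select to authenticated
  using ((select auth.uid()) = user_id);

-- The user can still see and edit the request in the network tab, so the
-- database checks it: an insert claiming someone else's user_id is rejected.
create policy "insert own notes" on public.notes
  for insert to authenticated
  with check ((select auth.uid()) = user_id);

-- Updates must start and end as the caller's own row.
create policy "update own notes" on public.notes
  for update to authenticated
  using ((select auth.uid()) = user_id)
  with check ((select auth.uid()) = user_id);

create policy "delete own notes" on public.notes
  for delete to authenticated
  using ((select auth.uid()) = user_id);
```

RLS does not hide a request from the person who sends it; it decides which rows the database will accept from and return to that person.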

I understand that it’s not front-end. But when the data is sent, the end-user can inspect, according to @Micah

I thought WeWeb servers were sending the data to Supabase.

What is the difference between sending data to a WeWeb server and to a Supabase server? You can always inspect anything you do on the front-end, that’s like the rule number -1.

I think you might wanna study a little bit about how the internet works, I know @MatthewS is making tutorials about that rn. But basically, any “how frontend and backend works” resource should shed some light on this.

No, no, no… I probably didn’t express myself clearly.
What I meant was:

I thought WeWeb server had a way of connecting to Supabase in the BACKEND.
Server-to-Server communication.

I didn’t know that when I sent “add X and Y rows to a Supabase table” that information was accessible by the end user, meaning they could see the information being sent.

Of course the user can see the data they get in their browser. But I didn’t know that if I wrote a text by hand in the plugin, that it would be accessible by the end-user.

I thought ALL data sent by WeWeb plugins was sent in the backend.

There is no ‘WeWeb Server’ as you’re referencing it. There used to be something called the WeWeb Server, but I believe it was for a slightly different purpose and it’s no longer a thing as of many months ago.

The entire project WeWeb generates is essentially detached completely from WeWeb. The plugins just make it so you don’t need to use JavaScript, but nothing more really. If you put text in your content_id, someone can find it, and they could find it easily by making that request and just snooping it out in the network tab of Inspect Element.

Thank you for the clarification.

No. Nothing is private, again. You need to study it a little. There is no other way my friend.