Is the POST endpoint accepting database chunks (symmetrical to the GET endpoint?) or is it serving up REST-style writes and performs SQLite update statements behind the scenes?
I guess if it’s the latter, it’s just a normal REST API for writes… but it still doesn’t secure read access at all, right? That is to say, you can’t put anything in the database you don’t want all users to be able to see?
No, it's not accepting database chunks; it's doing all the writes the typical way. And you are right that all data is completely public, unless you restrict access at the file host itself.
