4

From time to time when debugging SQL queries, we use online SQL prettifiers (e.g. this one) that reindent and properly format the queries to increase readability.

Can this potentially be a source of a schema or data security leak? Should we stop posting SQL queries to online services and, possibly, switch to offline tools?

Anders
alecxe

1 Answer

7

A quick test shows that it is indeed sending queries to the server (unencrypted as well) rather than formatting locally with JavaScript, so yes, you should stop using it for anything you want to keep secret. Even if it were entirely JavaScript based I'd recommend against using it since it could be changed at any time.

Whether or not it's necessary to keep your schema secret is debatable (see here and here), but just because it's not necessary to keep something secret doesn't mean it's a good idea to go around telling random people. If you don't care if everyone knows your schemas and queries then go ahead, but if there is even minimal reason to keep them private I'm sure there are alternative offline formatters.

AndrolGenhald
  • 1
    Just a side note, if it was entirely JavaScript you could download the site (or at least the page) and use it locally to protect it from modifications. – BgrWorker Dec 15 '17 at 16:59
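
An offline alternative along the lines the answer suggests, as an added example that is not part of the original thread: a Python formatter that uses only the standard library, so the query text never leaves the machine. The `format_sql` function, the keyword lists and the sample query are constructed for illustration; it assumes a single statement without SQL comments.

```python
import re

# Keywords that start a new line; two-word clauses are merged before layout.
CLAUSES = ["SELECT", "FROM", "WHERE", "GROUP BY", "ORDER BY", "HAVING", "LIMIT",
           "LEFT JOIN", "RIGHT JOIN", "INNER JOIN", "JOIN", "UNION"]
SUB = ["AND", "OR", "ON"]          # start a new, indented line
KEYWORDS = set(CLAUSES + SUB + ["AS", "IN", "NOT", "NULL", "LIKE", "IS",
                                "DISTINCT", "ASC", "DESC"])

# Literals are matched first, so keywords inside them are never touched.
TOKEN = re.compile(r"""
    '(?:[^']|'')*'        # string literal, doubled quote is an escape
  | "(?:[^"]|"")*"        # quoted identifier
  | [A-Za-z_][\w$]*       # keyword or identifier
  | \d+(?:\.\d+)?         # number
  | <=|>=|<>|!=|\|\|      # two-character operators
  | \S                    # any other single character
""", re.VERBOSE)

def format_sql(sql: str) -> str:
    raw, tokens, i = TOKEN.findall(sql), [], 0
    while i < len(raw):
        up = raw[i].upper()
        pair = up + " " + (raw[i + 1].upper() if i + 1 < len(raw) else "")
        if pair in CLAUSES:                      # e.g. "left join" -> LEFT JOIN
            tokens.append(pair)
            i += 2
        else:                                    # upper-case keywords only
            tokens.append(up if up in KEYWORDS else raw[i])
            i += 1
    lines, cur = [], ""
    for tok in tokens:
        if cur and tok in CLAUSES:
            lines.append(cur)
            cur = tok
        elif cur and tok in SUB:
            lines.append(cur)
            cur = "  " + tok
        elif not cur or tok in {",", ".", ")", ";"} or cur[-1] in "(.":
            cur += tok                           # no space around punctuation
        else:
            cur += " " + tok
    return "\n".join(lines + [cur]) if cur else "\n".join(lines)

# Constructed sample query; the literal deliberately contains keywords.
SAMPLE = ("select u.id, u.email from users u left join orders o on o.user_id = u.id "
          "where u.email = 'select from' and o.total >= 100 order by u.id")

if __name__ == "__main__":
    print(format_sql(SAMPLE))
```
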