Sending entire user data to frontend: security concerns and alternatives?

I’m working on a login system and I’m not sure about the best way to handle user data. Here’s what I’ve got:

UserInfo
---------
id (int)
fullName (varchar)
emailAddress (varchar)
hashedPassword (varchar)
paymentInfo (varchar)

Right now, I’m checking the email and password in the database. If they match, I get back the user’s ID and name. But I can’t turn this into a UserInfo object easily.

I end up making a new object like this:

// result is the row returned by the login query (id and name only)
UserInfo loggedInUser = new UserInfo();
loggedInUser.setId(result[0]);        // id column
loggedInUser.setFullName(result[1]);  // fullName column

I could grab the whole user record from the database, but I’m worried about sending sensitive info like the hashed password or payment details to the frontend.

What’s the best way to handle this? Should I just send everything to the frontend? Or is there a better way that doesn’t involve creating new objects all the time? I’m looking for a good balance between security and efficiency. Any advice?

hey there! i’m curious, have u tried using jwt tokens? they’re handy for user auth and you can store only needed info in them. what do u think—could this method solve your dilemma while upping security?

hey sam, def don’t send everything to the frontend! that’s asking for trouble. maybe make a simplified version of UserInfo with just the basics? like UserBasic with id and name. keep the sensitive stuff safe on the backend. it’s a bit more work but way safer. good luck with ur project!

Sending the entire user data to the frontend is definitely not recommended, especially sensitive information like hashed passwords and payment details. It’s a significant security risk. Instead, consider creating a separate DTO (Data Transfer Object) that only contains the necessary user information for the frontend.

For example, you could create a UserDTO with just id, fullName, and emailAddress. This way, you’re only sending what’s needed. You can keep the full UserInfo object on the server-side for backend operations.

Another approach is to implement a robust API that provides specific endpoints for different pieces of user information. This allows you to control exactly what data is sent to the frontend and when.

Remember, it’s always better to err on the side of caution when it comes to user data. The minor inconvenience of creating separate objects is far outweighed by the security benefits.
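Here is an added Java example of the DTO approach described in this answer (it is not code from the question or from any of the replies). The class and method names (UserInfo, UserDTO, toJson, leaksSecrets) and the sample row values are assumptions made for the example; the entity mirrors the UserInfo table from the question.

```java
import java.util.List;

// Added example: keep the full entity on the server and hand the frontend
// only a DTO with the fields it actually needs.
public class UserDtoExample {

    // Full persistence entity, mirroring the UserInfo table in the question.
    static final class UserInfo {
        final int id;
        final String fullName;
        final String emailAddress;
        final String hashedPassword;   // stays on the server
        final String paymentInfo;      // stays on the server

        UserInfo(int id, String fullName, String emailAddress,
                 String hashedPassword, String paymentInfo) {
            this.id = id;
            this.fullName = fullName;
            this.emailAddress = emailAddress;
            this.hashedPassword = hashedPassword;
            this.paymentInfo = paymentInfo;
        }
    }

    // What the frontend is allowed to see (Java 16+ record). Because the DTO
    // is a separate type, a field added to UserInfo later is private by default.
    record UserDTO(int id, String fullName, String emailAddress) {
        static UserDTO from(UserInfo u) {
            return new UserDTO(u.id, u.fullName, u.emailAddress);
        }

        // Minimal JSON serialization without a library; quotes and
        // backslashes in string fields are escaped.
        String toJson() {
            return "{\"id\":" + id
                 + ",\"fullName\":\"" + escape(fullName) + "\""
                 + ",\"emailAddress\":\"" + escape(emailAddress) + "\"}";
        }

        private static String escape(String s) {
            return s.replace("\\", "\\\\").replace("\"", "\\\"");
        }
    }

    // Check for a unit test: the serialized response must not contain any of
    // the secret values held by the entity it was built from.
    static boolean leaksSecrets(UserInfo u, String responseBody) {
        return List.of(u.hashedPassword, u.paymentInfo)
                   .stream()
                   .anyMatch(responseBody::contains);
    }

    public static void main(String[] args) {
        // Constructed sample row, as the login query might return it.
        UserInfo fromDb = new UserInfo(42, "Ada Lovelace", "ada@example.com",
                "$2b$12$placeholder-hash", "PAYMENT-TOKEN-PLACEHOLDER");

        UserDTO dto = UserDTO.from(fromDb);
        String body = dto.toJson();

        System.out.println(body);
        System.out.println("leaks secrets? " + leaksSecrets(fromDb, body));
    }
}
```

The `leaksSecrets` check is the part worth keeping around: run it in a test over every endpoint that returns user data, so that a future refactor which accidentally serializes the entity instead of the DTO fails the build rather than shipping the password hash.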