As is standard practice, I perform all queries in my backend. When information is sensitive then I suppress authentication when querying and then pass the information back to the front-end.
I wonder, could a person (theoretically) now see this sensitive information from the front-end? Do I need to only send back the columns from my database query which do not contain sensitive information? If yes, what do you do when you need to send sensitive information to the front-end?
Thanks for any help. I have read the docs but it does not answer my questions.
You asked, " Do I need to only send back the columns from my database query which do not contain sensitive information? "
Excellent question! The answer is a resounding YES. You can often repackage the data using the Javascript map() function .
Thanks for your response @yisrael-wix . Why is this the case? Is it still a security issue to send to the front-end, even if you do not display the information on your site. I supposed there would be no real reason to send to the front-end, but I am curious about this nonetheless.
Also, I don’t see how the map() function would be used here. Could you maybe give an example? Say you retrieved emails and first names in the backend but only need the first names in the front-end. How would map() be used here?
Even if you don’t display the data, the data can be viewed by someone who knows how to use the browser’s developer tools. All the browsers have them, here are a couple: