Securing user data in SQL for a React app while improving frontend load time
I'm updating my dependencies and I'm migrating some code and Could someone explain I'm following best practices but I've been struggling with this for a few days now and could really use some help... Currently developing a personal finance application that requires secure handling of user data. The frontend is built with React, and I've set up a Node.js backend connected to a PostgreSQL database. Recently, I implemented user authentication with JWT and now need to ensure that the SQL queries are optimized for both security and performance, particularly since we allow users to access their transaction history. My initial approach involved using parameterized queries to mitigate SQL injection risks. Here's a snippet of how I structured the query: ```javascript const getUserTransactions = async (userId) => { const query = 'SELECT * FROM transactions WHERE user_id = $1'; const values = [userId]; const result = await db.query(query, values); return result.rows; }; ``` Despite this, I'm concerned about the performance impact when retrieving large datasets. I've also considered implementing pagination to limit the number of records fetched per request. Here's what I have in mind for that: ```javascript const getUserTransactionsPaginated = async (userId, page = 1, limit = 10) => { const offset = (page - 1) * limit; const query = 'SELECT * FROM transactions WHERE user_id = $1 LIMIT $2 OFFSET $3'; const values = [userId, limit, offset]; const result = await db.query(query, values); return result.rows; }; ``` While testing this, I ran into a challenge: the front end needs to know the total count of transactions to render pagination controls effectively. I thought about running a separate count query, but that seems inefficient. Another layer of complexity is the need for logging each query for security audits without significantly hindering performance. I'm considering using middleware for logging but worry about the overhead it may introduce, especially since we're expecting high traffic. Has anyone navigated similar requirements? Any best practices for optimizing SQL queries while ensuring security? I'm particularly interested in approaches that reduce the number of database calls and improve the overall user experience. Any insights or code examples would be greatly appreciated! Am I missing something obvious? Cheers for any assistance! Could someone point me to the right documentation? Thanks for taking the time to read this! Am I approaching this the right way?