Custom's state security

arielcimax · October 19, 2023, 7:15am

HI !
I am working on an MVP that deals with groups of users. Whenever a Group is selected, I am saving all the Group info (data type) as a custom state. I am doing this because I believe that by having all the info “there” I avoid many calls to the DB and the performance is enhanced.
At this stage of my project, the most sensitive info stored in a Group is userName and userEmail.

So my questions are:

Is it a good practice to save such information as a Custom State ?
Am I really enhancing performance by saving calls to the DB ?
At this stage of my project (MVP with very few users) do you believe I should be concerned about security ?

Sorry if those are too basic concerns, but I am a total junior.
Bests!

ihsanzainal84 · October 19, 2023, 8:17am

Yes. Saving information, especially if it is repeatedly used, into states is good practice. Just make sure you account for any need to update a state list.

Yes. States are stored and manipulated client side. It improves performance and can drastically reduce your WU.

Yes. Don’t take security for granted. Whatever you build now will serve as the foundation of future features so build with security in mind.

That said don’t save sensitive information in states if you don’t really need to.

arielcimax · October 19, 2023, 8:46am

Thanks very much @ihsanzainal84 for taking the time to reply in such detail. I find it very useful.