Facebook Pixel

How do I prevent sensitive fields from being returned in Mongoose queries?

Mark them with select: false. Example: passwordHash: { type: String, required: true, select: false }. They are excluded from find queries by default; you can still select them explicitly with .select('+passwordHash') when needed (e.g., for login).

Verify This Answer

Cross-check this information using these trusted sources:

More FAQs in How to Design a Good Mongoose Schema

Pick the right field types, add validation (required, min, max, enum, match), use defaults, index the fields you query, use refs for large N, embed small data, keep documents small, use timestamps, use enums for fixed sets, and hash sensitive fields.

Use ref for one-to-many with large N (messages, connections). Use embed for small, tightly coupled data that always loads together (an address inside a user). Embedding large or growing arrays bloats documents; use refs instead.

Index the fields you query and sort by. Unique on email. Compound on (fromUserId, toUserId) for connection requests. On (connectionId, createdAt) for messages. Do not index every field; indexes speed up reads but slow down writes.

Still have questions?

Browse all our FAQs or reach out to our support team

Want to upskill yourself?

Our courses are taking a Coffee break, but your curiosity shouldn't. Stay engaged with namastedev linkedin, youtube, discord and other resources while you wait.

0
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.