I have the User entity that contains the Email/Name/.../HashedPassword/Salt.
Now, every time, after the user logs in the entire User entity goes to the client so that the user can modify some of the properties.
However I would prefer not to send the last two properties; but if I set them to null before send them to client, then when the entity comes back, I would need to get the original entity from the database, set the two properties to the just arrived entity then save it.
Is there a better solution, like saving only a part of the entity? Or maybe I am security paranoid and this is not a problem.
For avoiding reading, you can just select a new object without the properties you do not want to expose:
return user.Select(x => new User
{
Id = x.Id,
Email = x.Email,
Name = x.Name,
});
Your update procedure is the correct way to handle this.