User permission password showing on response data

System Information
  • Strapi Version: 4.8.2
  • Operating System: win 11
  • Database: Postgress
  • Node Version: v16.18.1
  • NPM Version: 8.19.2
  • Yarn Version:

How do I prevent private data from appearing in response objects when using populate=*

Hey @Chukwuemeka_Ifeora is that a custom endpoint?

Yes, it is.

If I do a query with populate, it shows fields marked as private.
Isn’t that a bad thing?

Yes you should always senatize everyting before putting it out you would have to senatize the input and the output

1 Like

I think a user’s password should never be stored anyway, why is there no salt/hash being used?

Look at the screenshot a salt and hash are both being used.