User sanitization - omit password field in relation

Good morning,

I’ve got a problem here with a relational field. I’ve got a “car” model which has n users assigned to it. If I query the car model, I also get the related user returned with it. Unfortunately though, the related user is returned with the hashed password. Is there some general mechanism to prevent api from returning the user’s hashed password in general or do I have to sanitize the user in each context it is used? Also; would that mean that I would have to write a custom controller for each instance I’m using an entity which has the user as a relation or is there maybe some global setting which marks the password field as private or something?

I’m using strapi v4.7.1, any help would be appreciated.