We want to make sure that certain fields are not shown, when users call the GET URL for the users table. I think for all apps returning the password field is not a good idea for anyone. We will implement JWT eventually but still as an additional security measure I feel that the password field should not be shown in the GET response for the user table.
I am sure this can be achieved by writing a PHP script in the preprocessing or post processing scripts. However I have no clue how to do this. Will appreciate if anyone can write a basic script to hide a field or point us to the a tutorial or something.
Thanks in Advance