If client send a non encrypted and hashed password to server then attribute can be accessed by me. I should not access to that info. How can I prevent it?
I’m expecting not to access client plain text passwords because I can use that info to access other account systems. If I sell my app to another person that person can access his client password. That is wrong.