Gallardot opened a new issue, #14679: URL: https://github.com/apache/dolphinscheduler/issues/14679
### Search before asking - [X] I had searched in the [issues](https://github.com/apache/dolphinscheduler/issues?q=is%3Aissue) and found no similar feature requirement. ### Description The get-user-info API endpoint currently returns the user's password in MD5 format, which is then stored in the local storage by the web front-end. https://github.com/apache/dolphinscheduler/blob/37ecd262ee9a2228f0daf84e336dcfdd6f2ae9ad/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java#L447-L450 https://github.com/apache/dolphinscheduler/blob/37ecd262ee9a2228f0daf84e336dcfdd6f2ae9ad/dolphinscheduler-ui/src/views/login/use-login.ts#L44-L45 However, there is no functionality that requires the use of this password. Moreover, this password is just a simple MD5 hash, which can be easily cracked. https://github.com/apache/dolphinscheduler/blob/37ecd262ee9a2228f0daf84e336dcfdd6f2ae9ad/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java#L211 Therefore, I believe that get-user-info API endpoint should not return the password in MD5 format. ### Are you willing to submit a PR? - [X] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
