Does Web front-end password encryption make sense?
Hashing the password once with MD5 on the front end appears to prevent plaintext transmission. In fact, there is only one case in which it improves users' security: when users reuse the same password on other websites. Under no circumstances does it improve the security of your own website. The points mentioned above (no plaintext password in transit, in memory or in logs) protect only the users' own interests and cannot improve the security of your own service.

Because the transmission is not encrypted, data packets can be sent at will. Whether a request carries abc123 or e99a18c428cb38d5f260853678922e03 makes no difference to your program, which at that point is a lamb to the slaughter. The process amounts to all of your users having passwords that are 32-character strings, nothing more. In fact, every website has many users sharing the same password, so the gain is of little significance. And even if the hash is computed by the front end, the site is still easy to hit with credential stuffing, because the hash is exposed.

So if security is not improved, should it be left out? Of course not, because we have to deal with auditing.
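The point that the server cannot tell abc123 from its MD5 digest, shown as an added example (not code from the original page). The `NaiveServer` and `HardenedServer` classes, the user names and the PBKDF2 parameters are assumptions made for illustration; the hardened variant goes one step past the text by storing the received digest the way a password would be stored.

```python
import hashlib
import hmac
import os

def client_md5(password):
    """What the front end sends in place of the plaintext password."""
    return hashlib.md5(password.encode()).hexdigest()

class NaiveServer:
    """Stores the client digest as-is and compares it directly."""
    def __init__(self):
        self.db = {}
    def register(self, user, credential):
        self.db[user] = credential
    def login(self, user, credential):
        stored = self.db.get(user)
        return stored is not None and hmac.compare_digest(stored.encode(), credential.encode())

class HardenedServer(NaiveServer):
    """Treats the digest as the password: salted PBKDF2 before storage."""
    ITERATIONS = 100_000  # constructed value for this example
    def _kdf(self, salt, credential):
        return hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, self.ITERATIONS)
    def register(self, user, credential):
        salt = os.urandom(16)
        self.db[user] = (salt, self._kdf(salt, credential))
    def login(self, user, credential):
        if user not in self.db:
            return False
        salt, stored = self.db[user]
        return hmac.compare_digest(stored, self._kdf(salt, credential))

def run_demo():
    sent = client_md5("abc123")  # the page's sample password
    results = {"sent": sent}
    for server in (NaiveServer(), HardenedServer()):
        name = type(server).__name__
        server.register("alice", sent)
        server.register("bob", client_md5("abc123"))  # second user, same password
        # The digest alone logs in: on the wire it *is* the password.
        results[name + "_digest_login"] = server.login("alice", sent)
        # The plaintext is now just a wrong password to the server.
        results[name + "_plaintext_login"] = server.login("alice", "abc123")
        # Equal rows for equal passwords: a leaked table is a list of logins.
        results[name + "_rows_equal"] = server.db["alice"] == server.db["bob"]
    return results

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Both servers accept the digest as a login, which is why the transport still needs encryption; only the stored rows differ between the two.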