The user query response includes the password hash; I suggest hiding it:

<img width="1280" height="458" alt="Image" src="https://github.com/user-attachments/assets/40ba7be1-db5a-4aa4-80ce-261c48bce18a" />

The password is only a single round of SHA-256, so it can be cracked in bulk ([reference](https://cmd5.com/)):

<img width="1280" height="265" alt="Image" src="https://github.com/user-attachments/assets/97e8d81c-9404-48ea-b989-8be91b4484cf" />

I suggest using a salted, multi-round hashing scheme such as bcrypt.
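The two fixes requested above, sketched as an added example (not part of the original issue or the project's code): a salted, iterated password hash and a response serializer that never returns the credential field. It assumes a Python backend; PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt, and the field names and iteration count are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to the server's hardware
PUBLIC_FIELDS = ("id", "username", "email")  # hypothetical allow-list of response fields


def weak_hash(password: str) -> str:
    """The reported scheme: one unsalted SHA-256 round, identical for equal passwords."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash stored as 'pbkdf2_sha256$iterations$salt$digest'."""
    salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and work factor, then compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
    except ValueError:  # malformed record: wrong field count, bad hex, bad iteration count
        return False
    return hmac.compare_digest(actual, expected)


def public_user(record: dict) -> dict:
    """Build the API response from an allow-list so credential fields never leak."""
    return {key: record[key] for key in PUBLIC_FIELDS if key in record}


# Constructed sample record, not data from the project.
SAMPLE_USER = {
    "id": 7,
    "username": "alice",
    "email": "alice@example.com",
    "password_hash": hash_password("correct horse", iterations=1000),
}
```

Because the stored string carries its own salt and iteration count, existing single SHA-256 records can be upgraded at each user's next successful login without a schema change beyond a longer column.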