Comment: Migrated to Confluence 4.0

I am reading about the JSON API. They say, for security reasons, to include the Master Login Username & Master Login Password in the web service call, such as:

/jw/web/json/workflow/process/start/testcall?j_username=kermit&hash=9449B5ABCFA9AFDA36B801351ED3DF66&loginAs=john

But this raised a question in my mind: what is the idea of hashing the password, since I am displaying the password hash value that will be matched against the hash value in the database?

So is it still insecure to say that the password hash value is 944....etc instead of saying that the password is, for example, "password123"? I mean, in the end the value of the password is visible, either as a hash value or not?
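Added example, not part of the original post and not the product's own code: a minimal model of the check the question describes, where the server compares a submitted hash with a stored one, next to a one-time-nonce HMAC check for contrast. The use of MD5 (picked only because the hash in the URL above is 32 hex characters long), the nonce scheme and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MASTER_PASSWORD = "password123"  # the example password from the question


def static_hash(password: str) -> str:
    # Assumption: plain MD5, upper-case hex, to match the shape of the URL value.
    return hashlib.md5(password.encode()).hexdigest().upper()


STORED_HASH = static_hash(MASTER_PASSWORD)  # what the server keeps


def verify_static(submitted_hash: str) -> bool:
    """Scheme from the question: the submitted hash is matched against the stored hash."""
    return hmac.compare_digest(submitted_hash.upper(), STORED_HASH)


def client_proof(secret_hash: str, nonce: str) -> str:
    """Client side of the contrast scheme: HMAC over a server-issued nonce."""
    return hmac.new(secret_hash.encode(), nonce.encode(), hashlib.sha256).hexdigest()


class NonceVerifier:
    """Hypothetical server side: each nonce is accepted once, then discarded."""

    def __init__(self) -> None:
        self._open = set()

    def issue_nonce(self) -> str:
        nonce = secrets.token_hex(16)
        self._open.add(nonce)
        return nonce

    def verify(self, nonce: str, proof: str) -> bool:
        if nonce not in self._open:
            return False  # unknown or already used nonce
        self._open.discard(nonce)
        return hmac.compare_digest(proof, client_proof(STORED_HASH, nonce))


def demo():
    seen_in_url = static_hash(MASTER_PASSWORD)  # the value that travels in the query string
    static_twice = verify_static(seen_in_url) and verify_static(seen_in_url)
    server = NonceVerifier()
    nonce = server.issue_nonce()
    proof = client_proof(STORED_HASH, nonce)
    return static_twice, server.verify(nonce, proof), server.verify(nonce, proof)
```

With the static check, the hash is accepted every time it is presented, so it acts as the credential itself; the nonce-bound proof is accepted once and rejected when presented again.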