Never store plain text passwords


Many systems have a users table, with user names, roles, and other account data. You should never store plain text passwords in that table. If the DB is hacked, your entire system is compromised.

Instead, store a hash of the password. When someone logs in, hash the password they entered, and compare it to the hash in the DB. If they're the same, the login succeeds.
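The store-and-compare flow described above, as an added example that is not code from the original page, run against an in-memory SQLite users table. The table layout, the function names, the per-user random salt and the scrypt parameters are assumptions of this example; the page itself only says to store a hash and compare hashes at login.

```python
import hashlib
import hmac
import os
import sqlite3

# scrypt cost parameters (values assumed for this example)
SCRYPT = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash. This is what gets stored, never the password."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)


def open_db() -> sqlite3.Connection:
    """Create a constructed users table with a hash column instead of a password column."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT, salt BLOB, pw_hash BLOB)"
    )
    return db


def register(db: sqlite3.Connection, name: str, role: str, password: str) -> None:
    salt = os.urandom(16)  # per-user salt: equal passwords give different hashes
    db.execute(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        (name, role, salt, hash_password(password, salt)),
    )


def login(db: sqlite3.Connection, name: str, password: str) -> bool:
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        # Unknown user: do the same hashing work so timing does not reveal it.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    # Hash what was entered and compare it to the stored hash in constant time.
    return hmac.compare_digest(hash_password(password, salt), stored)
```
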
