> I usually just run 'crypt()' on the clear text before storing it to the
> backend ...
Isn't this just as bad? If you store the encrypted password, that doesn't
help you in the slightest in this case, because if you can breach the list
of encrypted passwords, you still know what you need to send as the
"password" from the front end to let you into the database.
Unless I am missing something here, doing this doesn't make any
difference... Not for someone serious about breaching security, anyway...
Regards.
Gordan