The stakes are high when it comes to database password security. In many cases, all of a website's data lives in one or more databases. If an attacker gains access, all of that data, which may include sensitive user information, is exposed. It is therefore critical both to choose a strong database password and to store passwords securely.
First, make sure your web applications use strong passwords. The same rules that apply to any other technology apply here: use a mix of letters and numbers, and do not use a dictionary word from any common language. If you need help creating a password, use a password generator. Many are available online, and APG (Automated Password Generator) can be installed directly on a Linux/Unix server.
Next, make sure your application passwords are stored securely within the database. In MySQL, it is never a good idea to store passwords in plain text. By hashing the passwords before they are written to the database, you ensure that even if an attacker gains access to the database, they still cannot simply harvest and use the passwords, including those of your users.
There are two good options for password storage other than the standard PASSWORD() function: the SHA1 and MD5 algorithms. When you apply one of these hash functions, the password goes from an easily read plain-text string to a fixed-length hash digest that looks like this: 9234g6e32958647fdff75d325b455ecf.
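An added example (not code from the original article) of the storage pattern the last two paragraphs describe: a digest column instead of plain text, and a login check that recomputes the digest rather than reading a stored password. It uses Python with an in-memory SQLite table standing in for the MySQL users table, and swaps the bare SHA1()/MD5() the article names for a salted, iterated PBKDF2 digest, keeping unsalted MD5/SHA1 only to show why the salt matters: two users with the same password get the same bare digest, but different salted ones. DEMO_PASSWORD, the user names and the table layout are constructed.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample value; not from the original article.
DEMO_PASSWORD = "Tr0ub4dor&3"

def legacy_digest(password: str, algo: str) -> str:
    """Unsalted MD5/SHA1 as the article describes: equal passwords give equal digests."""
    return hashlib.new(algo, password.encode()).hexdigest()

def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Salted, iterated digest (PBKDF2-HMAC-SHA256), swapped in for bare SHA1()/MD5()."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def create_store() -> sqlite3.Connection:
    """In-memory stand-in for the MySQL users table; only salt and digest are stored."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt TEXT, pw_hash TEXT)")
    return conn

def register(conn: sqlite3.Connection, username: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt per user, stored beside the digest
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 (username, salt.hex(), hash_password(password, salt)))

def verify(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Login check: recompute the digest with the stored salt; plain text is never stored."""
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    salt, stored = bytes.fromhex(row[0]), row[1]
    return hmac.compare_digest(stored, hash_password(password, salt))  # constant-time compare

def build_demo_store() -> sqlite3.Connection:
    """Two constructed users sharing one password, to contrast the two schemes."""
    conn = create_store()
    register(conn, "alice", DEMO_PASSWORD)
    register(conn, "bob", DEMO_PASSWORD)
    return conn

def same_password_same_hash(conn: sqlite3.Connection) -> bool:
    """True if someone reading the table can tell that alice and bob share a password."""
    rows = conn.execute("SELECT pw_hash FROM users WHERE username IN ('alice', 'bob')").fetchall()
    return rows[0][0] == rows[1][0]
```

With bare MD5 or SHA1, `legacy_digest` returns the same string for every user who picked the same password, so one cracked digest unlocks all of them; the salted store returns `False` from `same_password_same_hash` for the same two users.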
For more information about storing passwords in MySQL, see this brief tutorial.