No matter how secure your software, hardware, database or connection is, you should NEVER store a user's password in its original form. NEVER.

A password should always be encrypted, preferably with a salted hash algorithm.

Using the SHA-1 hash algorithm as an example, the string "Ben" becomes "41126fc03289a05d86219d28b38e5e365ff0359f" and this is what should be stored on your database.
To verify a correct login, simply use:
'PSEUDO-CODE
input_username = INPUT "Enter your username: "
input_password = INPUT "Enter your password: "
GET FROM DATABASE password WHERE user = input_username
IF SHA-1(input_password) = password THEN ACCESS_GRANTED
The SHA-1 algorithm is used here only as a simplified example and it should not be used on its own, since it's not considered secure anymore.

If necessary, I can explain to you in detail what a "salt" is and what needs to be done to secure a password. Just let me know.
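The check described above, as an added Python example that is not part of the answer: `sha1_hex` is the unsalted SHA-1 lookup the pseudo-code shows, and `register_user` / `verify_login` go one step further with a per-user random salt, an iterated hash (PBKDF2-HMAC-SHA256) and a constant-time comparison. The in-memory `USERS` dictionary is a constructed stand-in for the database.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the database table: username -> credential record.
USERS = {}

DEFAULT_ITERATIONS = 600_000  # work factor; higher is slower for an attacker too


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1, exactly what the simplified example stores (not recommended)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # PBKDF2-HMAC-SHA256: the salt makes identical passwords hash differently,
    # the iteration count makes each guess expensive.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register_user(username: str, password: str, iterations: int = DEFAULT_ITERATIONS) -> None:
    """Store salt, iteration count and derived hash; the password itself is never kept."""
    salt = os.urandom(16)  # fresh random salt per user
    USERS[username] = {
        "salt": salt,
        "iterations": iterations,
        "hash": _derive(password, salt, iterations),
    }


def verify_login(username: str, password: str) -> bool:
    """Return True only if the supplied password re-derives the stored hash."""
    record = USERS.get(username)
    if record is None:
        # Do a dummy derivation so an unknown username takes as long as a wrong password.
        _derive(password, b"\x00" * 16, DEFAULT_ITERATIONS)
        return False
    candidate = _derive(password, record["salt"], record["iterations"])
    # compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    register_user("ben", "correct horse battery staple")
    print("stored:", USERS["ben"]["hash"].hex())
    print("right password:", verify_login("ben", "correct horse battery staple"))
    print("wrong password:", verify_login("ben", "Ben"))
```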