Comment 11 for bug 1158328

Jeremy Stanley (fungi) wrote:

Agreed. Obfuscation or symmetric encryption of passwords does not actually solve anything either, and is ultimately no better than plain text under most circumstances. The actual solution to the issues raised here is to not use passwords at all. Hopefully "enterprise" auditors will encourage systems which don't use passwords rather than bandages over something we've agreed for decades is bad practice.

As for MySQL, 5.5.7 and later support pluggable authentication backends: http://dev.mysql.com/doc/refman/5.5/en/pluggable-authentication.html Perhaps this is something worth documenting in an upcoming revision of the security guide?