How should you store your application user credentials in your database?

Storing application user credentials using salted hashes is the most secure approach because it protects sensitive user information in a way that makes it extremely difficult for an attacker to recover the original password, even if they gain access to the database. When passwords are hashed, they are transformed into a fixed-length string of characters that are not reversible; hashing is a one-way function.

Additionally, applying a salt—random data that is used as an additional input to the hashing algorithm—adds further security by ensuring that even if two users have the same password, their hashed values will be different. This technique mitigates rainbow table attacks, where an attacker pre-computes hashes for many potential passwords to quickly look them up later.

In contrast, using application logic to encrypt credentials introduces complexities such as the need to manage and secure encryption keys, and if encryption is used incorrectly, it can lead to vulnerabilities. Storing credentials as clear text is obviously insecure, as it allows anyone with database access to see users' passwords directly. Base64 encoding provides no security, as it is merely an encoding method that can be easily decoded, leaving the original data exposed. Thus, employing salted hashes stands out as the most effective method for securely storing user credentials.