is there a particular reason why you are using database authentication? If you are going this route most databases have the storage of encrypted passwords built in ( Oracle has excellent documentation
here). But for enterprise systems, external authentication (LDAp, Active directory, etc... ) provides single signon for users and flexibility for integration of authentication into existing systems. Just wondering if your hands are tied, and you can't even consider external authentication.