Currently passwordSQL (authorization in external DB integration) uses a scheme like
SELECT password FROM user_account WHERE username=?
so it expects the password as the query result, which is then encrypted (passwordType set to md5 or sha1) or directly compared to what the user provided.
Now, if I store passwords encrypted, it should be possible to ask
SELECT DISTINCT 1 FROM user_account WHERE username=? and password=exotic(?) – given that I use an exotic encoding
SELECT DISTINCT 1 FROM user_account WHERE username=? and password=encrypt(?,password) – if I go with good old Unix crypt()
Basically, the idea is to pass the username and password as query arguments and expect a boolean result (anything is true, null is false), rather than to pass just the username and encode and compare the returned password in the application.
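
The query-side check proposed above, as an added example that is not part of the original post or of the product's own code. It assumes SQLite as the database and registers a hypothetical `encrypt(candidate, stored)` SQL function that mimics crypt() by re-hashing the candidate with the salt embedded in the stored value (PBKDF2 is a stand-in here); the table contents are constructed sample data.

```python
import hashlib
import os
import sqlite3

def encrypt(candidate, stored):
    """crypt()-style stand-in (assumption): re-hash `candidate` using the
    scheme, iteration count and salt embedded in `stored`."""
    try:
        scheme, iters, salt_hex, _ = stored.split("$")
        if scheme != "pbkdf2":
            return None
        dk = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    except (AttributeError, ValueError):
        return None  # becomes SQL NULL, which never equals the stored value
    return f"pbkdf2${iters}${salt_hex}${dk.hex()}"

def new_hash(password, iters=1000):
    # Low iteration count only to keep the demo fast.
    salt_hex = os.urandom(16).hex()
    return encrypt(password, f"pbkdf2${iters}${salt_hex}$")

def open_db():
    db = sqlite3.connect(":memory:")
    # Expose the Python function to SQL under the name used in the post.
    db.create_function("encrypt", 2, encrypt)
    db.execute("CREATE TABLE user_account "
               "(username TEXT PRIMARY KEY, password TEXT)")
    # Constructed sample account.
    db.execute("INSERT INTO user_account VALUES (?, ?)",
               ("alice", new_hash("correct horse")))
    return db

# Both values are bound parameters; the stored hash never leaves the database.
AUTH_SQL = ("SELECT DISTINCT 1 FROM user_account "
            "WHERE username=? AND password=encrypt(?, password)")

def authenticate(db, username, password):
    # "Anything is true, null is false": any returned row means success.
    return db.execute(AUTH_SQL, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = open_db()
    print(authenticate(db, "alice", "correct horse"))
    print(authenticate(db, "alice", "wrong"))
```

With this scheme the stored hash stays in the database, but the plaintext password is sent to the database as a bound parameter, so the connection and any statement logging need to be protected accordingly.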