in reply to Hiding Passwords

I think the Unix approach is particularly elegant.

Don't store the password in plaintext, store the result of running the password through a one-way hash function. Then for authentication, instead of comparing cleartext, hash the candidate password and compare the hashes. You can use the crypt builtin, but if you're really concerned about security you're probably better off looking through the CPAN Crypt namespace.

Update: One thing that I forgot to mention, that derby brought up and is damn important, is that sending the password over the wire in cleartext is a Bad Thing(tm). If this is a client/server app, do authentication at the client or tunnel through SSH. If this is a web app, use SSL. You get no points for security if someone can sniff the username/password pair off the network, regardless of how well you hide the passwords.

Update 2: I just realized how useless this answer is to the original question. *sigh* Of course the password needs to be in cleartext for the DB to read it, and of course it's not going to be going over the wire. (And it was such a nice little rantlet on password security, too.) Sorry, AM.

--
:wq
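The hash-and-compare scheme the reply describes, written out as an added example (not the poster's code) using Perl's `crypt` builtin; it assumes a libc whose `crypt()` implements traditional DES for two-character salts, and the credentials are constructed for the demo:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The 64-character alphabet that crypt() accepts in a salt.
my @salt_chars = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

sub make_salt {
    my $len = shift // 2;
    return join '', map { $salt_chars[ int rand @salt_chars ] } 1 .. $len;
}

# Store only the hash; crypt() embeds the salt in its output so the
# salt never has to be kept separately.
sub hash_password {
    my ($plain) = @_;
    return crypt($plain, make_salt(2));
}

# Verify by re-hashing the candidate with the stored hash as the salt
# (crypt reads the salt prefix from it) and comparing hash to hash.
# Note that `eq` is not constant-time; a timing-safe compare is a
# further hardening step this example leaves out.
sub check_password {
    my ($candidate, $stored) = @_;
    my $h = crypt($candidate, $stored);
    return defined $h && $h eq $stored;
}

# Constructed demo record standing in for what the DB would hold.
my %store;
$store{alice} = hash_password('correct horse');

print "stored for alice: $store{alice}\n";
print "right password: ",
    (check_password('correct horse', $store{alice}) ? "ok" : "FAIL"), "\n";
print "wrong password: ",
    (check_password('wrong horse', $store{alice}) ? "ok" : "FAIL"), "\n";

# The caveat behind "look at the CPAN Crypt namespace": traditional DES
# crypt only uses the first eight characters of the password, so
# these two candidates hash identically under the same salt.
my $salt = 'ab';
print "8-char truncation: ",
    (crypt('password1', $salt) eq crypt('password12', $salt) ? "collide" : "differ"), "\n";
```

The last line prints "collide" on a DES-only crypt, which is the concrete reason to prefer a CPAN module with a modern algorithm over the bare builtin.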