>> It is that I wanted my application to "look" more professional in the eyes of a DBA or whoever might want to look into the application. So I am going with the approach of only encrypting the user password.
Fair enough, though in that case you might consider a slightly modified MD5 hash routine rather than encryption, since that's regarded as more secure- even if they decompile your MD5 it doesn't reveal the password, unlike encryption that presumably uses a key. Also, if there is backend data, how are you storing the connection string?
"... They ne'er cared for us
yet: suffer us to famish, and their store-houses
crammed with grain; make edicts for usury, to
support usurers; repeal daily any wholesome act
established against the rich, and provide more
piercing statutes daily, to chain up and restrain
the poor. If the wars eat us not up, they will; and
there's all the love they bear us."
-- Shakespeare: Coriolanus, Act 1, scene 1
