[eluser]JanDoToDo[/eluser]
As wowdesign said, if the user chooses a weak password their account is vulnerable! However, salting adds extra protection as it introduces a random variable into the password field that would prevent (or at least help with any potential attack). IMO, the salt should NEVER be stored in the database, as if someone got access to your table then the salt would mean nothing. Instead, I for example use a script which chooses a certain length of string from the password they typed, md5s it and then concatenates that with some random characters (. ? / !) etc. The salt in that case would be different for every user but repeatable on every occasion. If the attacker only got the DB then the password would still be extra secure with the salt.
Similarly, when a user is just signing in, the salt would help as the rainbow table attack would fail and it would take far too long for a potential hacker to get onto the system.
(But I'm not by any stretch of the imagination an expert... so take what I say with a pinch of salt!)
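An added example, not code from this thread: it compares a salt computed from the password itself, as the post describes, with a random per-user salt stored beside the hash, for two accounts that happen to share a password. The 4-character prefix, the fixed `.?/!` suffix, the final MD5 step and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

FIXED_CHARS = ".?/!"   # assumed constant suffix (must be fixed to be repeatable)
PBKDF2_ROUNDS = 100_000  # assumed work factor for the stored-salt variant


def derived_salt_hash(password: str) -> str:
    """Sketch of the post's scheme: the salt is a function of the password."""
    salt = hashlib.md5(password[:4].encode()).hexdigest() + FIXED_CHARS
    return hashlib.md5((salt + password).encode()).hexdigest()


def stored_salt_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Random 16-byte salt per account, kept in the same row as the digest."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = stored_salt_hash(password, salt)
    return hmac.compare_digest(candidate, digest)


def compare_schemes(password: str) -> dict:
    """Two accounts choose the same password; do their stored records match?"""
    a_salt, a_digest = stored_salt_hash(password)
    b_salt, b_digest = stored_salt_hash(password)
    return {
        # Same password in, same record out: the value depends on nothing else.
        "derived_records_equal": derived_salt_hash(password) == derived_salt_hash(password),
        # Different random salts give different records for the same password.
        "random_records_equal": a_digest == b_digest,
        "random_salt_verifies": verify(password, a_salt, a_digest),
        "wrong_password_verifies": verify(password + "x", a_salt, a_digest),
    }


if __name__ == "__main__":
    print(compare_schemes("correct horse"))  # constructed sample password
```

With the password-derived salt every account that uses a given password ends up with the same stored value, while the stored random salt keeps the two records distinct and login still verifies.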