I am developing a website that connects to a users MSSQL database to collect information. Users are assigned to different MSSQL database accounts and connect to them using the IP, username and password stored inside the MySQL DB.

Currently, what I've got is PHP the AES encrypts/decrypts the passwords as needed. That just doesn't seem right. It prevents you from seeing the plain text password by looking in the database (which is undeniably good) but I'm not sold on it's level of security.

Hashing is great and all if you never need the password again, but I do. So I don't really know how to go about implementing a reasonable level of security into this particular aspect of the site.

Any suggestions would be great. Am I completely wrong and being an idiot. Is there a vastly superior way to do this?

Obviously if you are sending the password over to MS SQL, you are going to need to be able to reverse the value. I would think encryption would be the most correct answer here. Either way your code will still be able to extrapolate this password, otherwise you cannot connect.

If you would like to increase the security, you can seed your encryption with a checksum calculated from the user name... however, if the user name ever changes, you will need to decrypt and re-encrypt. This will only make it a bit tougher for "others" that may know you are using AES.

But at the end of the day, you will always be able to know what the password is, since you need to decrypt. There is only so much you can do in this situation, the best would be to demand the password from the user every time it's needed.