I have an application which uses ADO to connect to the database.
The architecture is something like this.
The application uses a generic user name / password to connect to a database.
Then it gets the logged-in user's NT ID using an API call and calls a function in Oracle.
This function basically looks up a table, finds the corresponding record for the user and reads the password field.

The table has three columns.

NTID, PASSWORD, ACTIVE_FLAG

The password is encrypted before storing it in the table. The function decrypts the password.

The application uses the decrypted password and the NT ID of the user to form another connection string which it then uses to log in to the application.

If I put a debug point on the connection string, I am able to get the password for the users.
I want to put an end to this. I do not want anyone to read the password in clear text.

How should I go about it?