I am reading about the best way to store password information in a database, and most of the examples say that we should not store the actual password in the database, but hash and salt values. In a web application, the code that authenticates the user is located on the server side, so we send the user name and password over the wire, and on the server we read the salt value, then hash the password that we received with the salt, and compare it with the stored hash value in the db.
What if the application is located on the client, and the application is connecting to the database directly, not through some service (local network)? This means that the Hash class would be exposed on the client, and I would need to read the hash and salt values from the db on the client, which kind of allows anyone to create a few lines of code and fetch all user info on the client.
How is security/authentication handled in such a scenario?
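The server-side flow described in the question (read the salt, hash the submitted password with it, compare with the stored hash), as an added example that is not part of the original post. The choice of PBKDF2-HMAC-SHA256, the iteration count, the in-memory `USERS` table and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed in-memory stand-in for the users table: username -> (salt, hash).
USERS = {}

# KDF parameters are assumptions chosen for this example.
ITERATIONS = 600_000
SALT_BYTES = 16


def derive(password: str, salt: bytes) -> bytes:
    """Hash the password with the per-user salt using a deliberately slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username: str, password: str) -> None:
    """Store only a random per-user salt and the derived hash, never the password."""
    salt = os.urandom(SALT_BYTES)
    USERS[username] = (salt, derive(password, salt))


# Dummy record so a lookup for an unknown user does the same work as a known one.
_DUMMY_SALT = os.urandom(SALT_BYTES)
_DUMMY_HASH = derive("placeholder", _DUMMY_SALT)


def authenticate(username: str, password: str) -> bool:
    """Server-side check: read the salt, re-hash the submitted password, compare."""
    record = USERS.get(username)
    salt, stored = record if record else (_DUMMY_SALT, _DUMMY_HASH)
    candidate = derive(password, salt)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    matches = hmac.compare_digest(candidate, stored)
    return matches and record is not None


if __name__ == "__main__":
    register("alice", "correct horse")
    print(authenticate("alice", "correct horse"))
    print(authenticate("alice", "wrong guess"))
```

The salt and hash never leave `authenticate`; the caller only learns whether the check passed.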