A client I am building a website for uses password / promo codes for their "Members Only" section, allowing members to gain access to special content. I am storing said passwords via MySQL, encrypted using sha1.
The client needs to see these passwords in the administrator control panel as plain-text. Obviously this is not an option using sha1.
What's the trade-off when it comes to encrypting passwords in the database, vs storing plain text? Should I simply store them in the database as plain-text, and just salt them in post?
What's the best method for having the ability to show plain-text passwords while maintaining a decent level of security?