Of course you should not save the clear-text password in the database, so saving a hash is an improvement. Maybe salt the hash too for another improvement of security. However: Access to your database should be very secure as well. It's of no use if you save hashes of passwords in a database which is easy to access by any attacker. (A system is only as secure as its weakest element)