Creating tables for user authentication - room for improvements?

At the moment I'm developing a web application. For that, I need to create a database for user authentication.

I have something like the following in mind:

create table users
(
id SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT,
username VARCHAR(100) NOT NULL,
password VARCHAR(60) NOT NULL,
PRIMARY_KEY(id),
UNIQUE(username)
);

create table roles
(
id SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT,
role VARCHAR(100) NOT NULL,
PRIMARY_KEY(id),
UNIQUE(role)
);

create table user_roles
(
user_id SMALLINT UNSIGNED NOT 开发者_StackOverflow中文版NULL,
role_id SMALLINT UNSIGNED NOT NULL,
PRIMARY_KEY(user_id)
UNIQUE (user_id, role_id),
);

Passwords are fixed size but I use varchar because I've read somewhere that in a table where you have both char and varchar columns, the char columns get converted to varchar.

Also, would it be beneficial to use FOREIGN KEY CONSTRAINTS?

1. Don't use SMALLINTs for IDs. Seriously. Why would anybody do that!? Use a larger integer type.
2. The primary key on user_roles isn't going to work. Make (user_id, role_id) the primary key and put separate (non-unique) indexes on the fields you will be querying on.
3. You could add foreign keys that link user_roles to the other tables. If you use ON DELETE CASCADE, it'll even delete the stale links if you ever delete a user or a role.