> having an application log actual passwords (whether the login was > successful or not) is a major security risk, hence no self-respecting, > security-conscious application will do this. all that should be logged > is the username attempted, along with a login success/failure > indication, never the password.
Yes, I know and you're right. The problem: A customer which has currently no way to find out if he/she still uses some old passwords for one and the same user. So I would like to do that by mysql. -- ________________________________________________________________________ Manuel Schmitt - Geschäftsführer - manitu [EMAIL PROTECTED] Welvertstraße 2 http://www.manitu.de/ 66606 St. Wendel Telefon: +49-(0)6851-99808-20 Telefax: +49-(0)6851-99808-99 PGP-Key-ID: 0x3E486E93 Unser Impressum finden Sie unter http://www.manitu.de/impressum/ -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
