Speaking of strange client requirements, one requirement they came up with today is to retain attempted username/passwords that failed.
Does anyone know if this is even legal? It seems reasonable to me that this might be illegal, as these credentials could be valid for other services the user uses. However, I could not find any EU legislation forbids this (I am based in Europe). I realize that the legality or not of this may is probably relative to the country, so to make it more specific, does anyone know if it is (il)legal in Europe of the US? -- You received this message because you are subscribed to the Google Groups "Java Posse" group. To view this discussion on the web visit https://groups.google.com/d/msg/javaposse/-/W24TkW17ESQJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
