I don't think VALIDATE_PASSWORD_STRENGTH function is particularly meaningful. The password either passes the policy or it doesn't. It cannot kinda sorta 73% pass the policy and 27% fail it. Any attempt to assign a non-boolean "weight" to it will necessarily be very arbitrarily.

For example, the attached PR assigns an equal weight of 1 to every plugin that the password passed and 0 to a plugin that it failed. And then normalizes the result. There is no logical reason why all plugins should be equally important. Nor a password that passed 2 out of 5 installed plugins is any "more acceptable" than a password that passed 4 out of 5. Both cannot be used, as they failed a required policy, set by the DBA.

In other words, MariaDB shouldn't have this function.

I would welcome such a function.

In some cases you want to check a password without setting it yet. For example, in my application I would like to display the password strength to the user before he presses “Apply” to change his password.

Another important use case in my application is that I want to display warnings when a user uses a password that no longer matches the current password policy. Currently I have to parse the Simple Password Check variables and check the password in the application itself. This solution is not optimal because, for example, it cannot access the Cracklib dictionary of the Cracklib Password Check plugin.

Okay. This makes sense. A function that allows to check in advance whether a password satisfies the policy could be useful indeed. But it can only return a boolean TRUE/FALSE, there's no objective way to make it to return a number from some range.