Re: 2009 ?????
Depends a bit on the logic. Frontends should contain hints about fields but not necessarily all relevant constraints. A good frontend will validate as much as possible inline and might include additional constraints that are not in the schema. Specifically regarding passwords: if you're only ever storing the salted hash this will be bound to be different in length.
But, of course, the login should be implemented as a testable service with a detailed API… I think you've lost > 90% of the web monkeys with that kind of requirement.