we are currently testing a vb client connecting to mysql database.
so far we have a problem which is when a user tries to log in with a bogus account without inputting password, it would authenticate and has full system access.

i have removed the anonymous account in mysql.user
and i have tried logging directly from the db server with a bogus account (which didn't work)

when the connection is successful, the connection string is as follows:

DRIVER={MySQL ODBC 3.51 Driver};SERVER=192.168.168.80;DATABASE=test;UID=ad fafda;PWD=;OPTION=3

notice that where is nothing after 'PWD='
is there anyway i can avoid this?