we are currently testing a vb client connecting to mysql database.
so far we have a problem which is when a user tries to log in with a bogus account without inputting password, it would authenticate and has full system access.
i have removed the anonymous account in mysql.user
and i have tried logging directly from the db server with a bogus account (which didn't work)
when the connection is successful, the connection string is as follows: