Question

I am building a database connection scanner for my security course at university. I have used DriverManager.getConnection(connectionURL, username, password) and it seems to work fine but with one exception that I just cannot understand. If I enter the wrong username it is still returning a connection??? My test code is pasted below. Any pointers would be much appreciated. It returns the correct error if I put the wrong password in, if I turn the server off it tells me. But for some unknown reason it will not tell me if the username is wrong, it's as if it's not even checking!

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public class DBConnector {

    Connection connection = null;
    // No database name in the URL: this connects to the server only.
    String dbURL = "jdbc:mysql://localhost:3306";
    String userName;
    String password;

    public DBConnector() {
        // TODO Auto-generated constructor stub
    }

    // Returns the open connection, or null if the attempt failed.
    public Connection tryConnection(String username, String password) {
        try {
            // Load and register the MySQL JDBC driver.
            Class.forName("com.mysql.jdbc.Driver").newInstance();
            connection = DriverManager.getConnection(dbURL, username, password);

            System.out.println("Connected");

        } catch (InstantiationException e) {
            System.out.println("No Connection");
            e.printStackTrace();
        } catch (IllegalAccessException e) {
            System.out.println("Connection Refused");
            e.printStackTrace();
        } catch (ClassNotFoundException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (SQLException e) {
            // Thrown when the server rejects the login or cannot be reached.
            System.out.println("Sql Ex");
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        return connection;
    }
}

And here is my main class to run the method.

public class MainTest {

    public static void main(String[] args) {

        DBConnector dbc = new DBConnector();

        dbc.tryConnection("", "");

    }

}

Maybe this has something to do with running the test on "Localhost"?

Thanks very much!

Solution

I would guess that you are logging in as an anonymous user.

You can make your local MySQL Server installation more secure (and hence force your code above to throw an error) by removing the anonymous user like this:

DELETE FROM mysql.user WHERE user='';

FLUSH PRIVILEGES;

Then try connecting with no username and password.
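
To check whether a login really did fall through to the anonymous account, the following added example (not part of the original answer; the class name WhoAmICheck and the sample username are hypothetical) asks the server which account it matched, using MySQL's USER() and CURRENT_USER() functions. It assumes MySQL Connector/J is on the classpath and a server is listening at the URL from the question.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Hypothetical helper class; an added example, not code from the question or answer.
public class WhoAmICheck {

    // Same server URL as in the question.
    static final String DB_URL = "jdbc:mysql://localhost:3306";

    // CURRENT_USER() has the form user@host. An empty user part means the
    // server matched the anonymous account (user = '' in mysql.user).
    static boolean isAnonymous(String currentUser) {
        return currentUser.lastIndexOf('@') == 0;
    }

    public static void main(String[] args) {
        // Constructed sample input: a username assumed not to exist, empty password.
        String requestedUser = args.length > 0 ? args[0] : "no_such_user";
        String password = args.length > 1 ? args[1] : "";

        try (Connection conn = DriverManager.getConnection(DB_URL, requestedUser, password);
             Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery("SELECT USER(), CURRENT_USER()")) {
            rs.next();
            String claimed = rs.getString(1); // user@host as supplied by the client
            String matched = rs.getString(2); // account the server authenticated against
            System.out.println("Requested: " + claimed);
            System.out.println("Matched:   " + matched);
            if (isAnonymous(matched)) {
                System.out.println("Login fell through to the anonymous account; '"
                        + requestedUser + "' was not checked against a named user.");
            }
        } catch (SQLException e) {
            // Access denied (SQLState 28000) is what a bad username should produce.
            System.out.println("Connection rejected: " + e.getMessage()
                    + " [SQLState " + e.getSQLState() + "]");
        }
    }
}
```

Running it before and after removing the anonymous user shows the difference: first a match on an account with an empty user part, afterwards a rejected connection.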

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow