I'm doing a comparison of my development server with production and find one has this:
EXEC sp_grantdbaccess N'guest'
How would anyone take advantage of the guest user in a connection string? It doesn't seem to be mapped to a logon. In pubs I see guest is a member of public. Guest doesn't seem to be deletable.
Is this some sort of anonymous access account or what? If this is a security problem, what do I do to fix it?
If a login to SQL Server has no other way into a database, the guest user permits that access. You must first have a valid login to SQL Server. Whatever permissions are granted to guest, that login will have the rights to use. There are a couple of things to look at:
The general advice is not to enable the guest user. If a login should have access to a database, it is better to grant explicit access. That makes it easier to audit. With that said, you will notice that the system databases master and msdb have the guest user enabled if you take a look. This is a requirement.
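A way to check the point made above across the whole instance, as an added example that is not part of the original answer: it lists every online database and whether guest currently holds CONNECT (the modern equivalent of sp_grantdbaccess), then revokes it in one user database. It assumes SQL Server 2005 or later (sys.database_permissions) and uses YourDb as a placeholder name.

```sql
-- Added example: audit which databases let any login in through guest.
-- master, msdb and tempdb are expected to show 'enabled' and must stay that way.
DECLARE @sql nvarchar(max) = N'';

SELECT @sql += N'
SELECT N''' + REPLACE(name, '''', '''''') + N''' AS database_name,
       CASE WHEN EXISTS (
            SELECT 1
            FROM ' + QUOTENAME(name) + N'.sys.database_permissions AS p
            JOIN ' + QUOTENAME(name) + N'.sys.database_principals AS u
              ON p.grantee_principal_id = u.principal_id
            WHERE u.name  = N''guest''
              AND p.class = 0      -- permission on the database itself
              AND p.type  = ''CO'' -- CONNECT
              AND p.state = ''G'') -- granted
            THEN ''enabled'' ELSE ''disabled'' END AS guest_access
UNION ALL'
FROM sys.databases
WHERE state_desc = 'ONLINE';

-- drop the trailing UNION ALL left by the last database
SET @sql = LEFT(@sql, LEN(@sql) - LEN('UNION ALL'));
EXEC sys.sp_executesql @sql;

-- For a user database where guest should not be a way in (placeholder name):
USE [YourDb];
REVOKE CONNECT FROM guest;
```

Every database flagged 'enabled' other than master, msdb and tempdb is one where an explicit user mapping should replace guest before it is revoked.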
More than data deletion or other malicious activity, the first thing that comes to mind is accessibility of your data by unauthorized users. For some attackers, sometimes it's not about what you can destroy, but what you can copy onto their system(s). If they can replicate any sensitive data you have, then it doesn't matter if they try to come back - after all, they have their own copy! The horse will pretty much be out the barn door in this case, and sealing the breach after the fact only stops other attempts, not the replication of data already taken.