On Fri, Jan 29, 2010 at 12:42 AM, John Bell
<..hidden..> wrote:
There's a good description of this type of attack at
http://en.wikipedia.org/wiki/Cross-site_request_forgery
Joomla! also has a good mechanism for passing a token with each request
that eliminates this type of attack. But I echo Chris' comments that
this type of attack is theoretically possible, but unlikely.
Just to be clear, I didn't say it was unlikely. I think it poses some issues that need to be solved. I just don't think it is likely to be used as a way of covering a lot of theft by the time we get it solved. Also it is unlikely to be useful against a large portion of the users of the software simply because many users only have one person with access (the business owner).
However, as LedgerSMB ends up being used by larger businesses, the incentives to embezzle money go up and holes like this become larger problems. A hole like this undermines the basic accounting processes which are in place to prevent this sort of behavior and so it needs to be fixed.
The issue is that the complexity of the attack reduces the immediate (but not really the long-term) danger of the exploit.
Hope this helps,
Chris Travers
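The token-per-request defence John refers to is the synchronizer token pattern: the server issues a secret tied to the login session, embeds it in every form it renders, and refuses any state-changing request that does not echo it back. A page on another origin can make the victim's browser send the session cookie, but it cannot read the victim's page to learn the token. The sketch below is an added example written for this thread, not LedgerSMB's or Joomla!'s own code; the in-memory session store, the `/transfer` form, the field names `csrf_token`, `account` and `amount`, and the handler return values are all constructed here.

```python
"""Synchronizer-token CSRF check (added illustration, not LedgerSMB code)."""
import hmac
import secrets
from html import escape
from urllib.parse import parse_qs

# Constructed in-memory session store: session-cookie value -> session data.
SESSIONS = {}


def new_session():
    """Log a user in: create a session and mint its secret CSRF token."""
    sid = secrets.token_urlsafe(24)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    return SESSIONS[sid]["csrf_token"]


def render_transfer_form(sid):
    """The legitimate page carries the token as a hidden field.

    A hostile site cannot read this response (same-origin policy), so it
    cannot learn the token even though the browser will attach the cookie
    to any request the hostile site triggers.
    """
    token = csrf_token_for(sid)
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{escape(token)}">'
        '<input name="account"><input name="amount">'
        '<button>Post</button></form>'
    )


def handle_transfer_post(cookie_sid, body):
    """Server-side handler for the constructed /transfer endpoint.

    cookie_sid is the session id the browser's cookie presented; body is
    the raw application/x-www-form-urlencoded request body.
    Returns (status, message).
    """
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 403, "not logged in"
    fields = parse_qs(body, keep_blank_values=True)
    supplied = fields.get("csrf_token", [""])[0]
    # Constant-time compare: a plain == on secrets leaks timing information.
    if not hmac.compare_digest(supplied.encode(), session["csrf_token"].encode()):
        return 403, "CSRF token missing or invalid"
    account = fields.get("account", [""])[0]
    amount = fields.get("amount", [""])[0]
    if not account or not amount:
        return 400, "missing fields"
    # Only now is the accounting action performed.
    return 200, f"posted {amount} to {account}"


def demo():
    """Three requests against one victim session (constructed scenario)."""
    victim = new_session()
    attacker = new_session()
    post = "account=1000&amount=5000"
    legit = handle_transfer_post(victim, f"csrf_token={csrf_token_for(victim)}&{post}")
    # Forged from another origin: cookie rides along, token is absent.
    forged = handle_transfer_post(victim, post)
    # Attacker supplies a token from their own session: still wrong.
    wrong = handle_transfer_post(victim, f"csrf_token={csrf_token_for(attacker)}&{post}")
    return legit, forged, wrong


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The token here is per session; a stricter variant mints a fresh token for every rendered form and invalidates it on use, which also blocks replay of a captured request, at the cost of breaking multi-tab use. Either way the check has to sit in front of every state-changing handler, not just the ones someone thought of; a single unprotected posting screen is enough for the scenario discussed above.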