I am building a site that calls an email function in order to send emails.
I call a function from an external JavaScript file via $.post, like in the following example:
$.post('http://[mydomain]/email.php', {
    'Email': '[email protected]',
    'Subject': 'This is the subject',
    'Text': 'This is the body'
}, function (data) {
});
But as I recently noticed, anyone can write the above lines into a browser console and send any email they want (using my email address, of course).
So my question is:
Is there any way I can recognize these outside calls and prevent them from executing?
To make this clear once and for all:
Sensitive operations like sending emails, checking passwords, or registering users should NEVER be executed on the front-end side of your website; they should ALWAYS be executed on the back-end side of your website. This is common sense when it comes to security risks.