How to secure email function
Answered
Chinese Alligator posted this in #help-forum
Chinese AlligatorOP
I'm trying to understand how to secure an email function for a contact form in Next.js.
If the contact form allows submission without being logged in, how can I secure the email function from being abused? If it's a server action or API route then it's exposed, and even with authentication, it could potentially be abused, right?
Answered by American black bear
16 Replies
reCAPTCHA?
American black bear
Set up rate limiting and request throttling based on IP. For example, allow 1 submission per 30s per IP, then double the wait for any subsequent form submissions.
This by itself secures the form from 99% of bad actors; however, someone can still do some distributed attack where they try to submit the form from multiple IPs. For this you need to make it expensive for them, to discourage them even further. Note: no system is perfect for this, but I like to start off simple. This can be done with a proof-of-work captcha. Each has advantages and disadvantages, but look for something self-hostable and with good UX. If you are not into that, you can go with Cloudflare Turnstile or similar.
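As an added example (not code from the thread, and not from Turnstile or any captcha product it mentions), here is the per-IP throttle described in the answer above together with a self-hosted proof-of-work check, in TypeScript so it can sit in a Next.js server action or route handler. Everything beyond the 30-second window and the doubling is my assumption: state lives in an in-memory Map/Set, the caller passes in the client IP and the current time in milliseconds, an early retry doubles the wait (capped) while a submission that respects the wait resets it to the base window, and the proof of work is an HMAC-signed nonce whose answer must give a SHA-256 digest with a chosen number of leading zero bits. The secret and difficulty values are constructed for the demo.

```typescript
import { createHash, createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// 1. Per-IP throttle: one submission per base window; an early retry doubles the wait.
export interface Verdict {
  allowed: boolean;
  retryAfterMs: number; // 0 when allowed, otherwise how long the caller must wait
}
interface Bucket {
  notBefore: number; // earliest time (ms) the next submission from this IP is accepted
  waitMs: number;    // current penalty: doubled on an early retry, reset when the wait is respected
}

export class IpThrottle {
  private readonly buckets = new Map<string, Bucket>(); // assumed in-memory store (per process)
  private readonly baseWaitMs: number;
  private readonly maxWaitMs: number;
  constructor(baseWaitMs = 30_000, maxWaitMs = 30 * 60_000) {
    this.baseWaitMs = baseWaitMs;
    this.maxWaitMs = maxWaitMs;
  }
  /** `now` (ms since epoch) is injected so the policy can be replayed offline. */
  check(ip: string, now: number): Verdict {
    const bucket = this.buckets.get(ip);
    if (bucket !== undefined && now < bucket.notBefore) {
      // Too early: double the penalty (capped) and restart it from now, so hammering
      // the endpoint only pushes the next accepted time further out.
      const waitMs = Math.min(bucket.waitMs * 2, this.maxWaitMs);
      this.buckets.set(ip, { notBefore: now + waitMs, waitMs });
      return { allowed: false, retryAfterMs: waitMs };
    }
    // Accepted: a client that respected the wait is back to one submission per base window.
    this.buckets.set(ip, { notBefore: now + this.baseWaitMs, waitMs: this.baseWaitMs });
    return { allowed: true, retryAfterMs: 0 };
  }
}

// 2. Proof-of-work challenge: HMAC-signed (nothing to store when issuing), expiring, single-use.
export interface Challenge {
  nonce: string; // random, public
  bits: number;  // required leading zero bits of SHA-256(nonce ":" counter)
  exp: number;   // expiry (ms since epoch)
  mac: string;   // HMAC over nonce|bits|exp, so a client cannot lower bits or extend exp
}

function macOf(secret: Buffer, nonce: string, bits: number, exp: number): string {
  return createHmac("sha256", secret).update(`${nonce}|${bits}|${exp}`).digest("hex");
}

export function issueChallenge(secret: Buffer, bits: number, now: number, ttlMs = 120_000): Challenge {
  const nonce = randomBytes(16).toString("hex");
  const exp = now + ttlMs;
  return { nonce, bits, exp, mac: macOf(secret, nonce, bits, exp) };
}

/** Leading zero bits of SHA-256(nonce ":" counter): the work metric used by both sides. */
export function leadingZeroBits(nonce: string, counter: number): number {
  const digest = createHash("sha256").update(`${nonce}:${counter}`).digest();
  let bits = 0;
  for (let i = 0; i < digest.length; i++) {
    const byte = digest.readUInt8(i);
    if (byte === 0) { bits += 8; continue; }
    bits += Math.clz32(byte) - 24; // clz32 counts on 32 bits; a byte has 24 extra leading zeros
    break;
  }
  return bits;
}

/** Client side: brute-force a counter. About 2^bits hashes for the client, one for the server. */
export function solve(challenge: Challenge, maxIterations = 1 << 24): number {
  for (let counter = 0; counter < maxIterations; counter++) {
    if (leadingZeroBits(challenge.nonce, counter) >= challenge.bits) return counter;
  }
  throw new Error("no solution within the iteration budget");
}

export class PowVerifier {
  private readonly secret: Buffer;
  private readonly minBits: number;
  private readonly usedNonces = new Set<string>(); // replay guard; entries can be dropped once their challenge expires
  constructor(secret: Buffer, minBits: number) {
    this.secret = secret;
    this.minBits = minBits;
  }
  /** Every check is on untrusted input: the challenge comes back from the client with the answer. */
  verify(ch: Challenge, counter: number, now: number): boolean {
    if (typeof ch.nonce !== "string" || typeof ch.mac !== "string" || !Number.isInteger(ch.bits) || !Number.isInteger(ch.exp)) return false;
    const expected = Buffer.from(macOf(this.secret, ch.nonce, ch.bits, ch.exp), "hex");
    const given = Buffer.from(ch.mac, "hex");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return false; // forged or tampered
    if (ch.bits < this.minBits) return false;                        // easier than anything the server issues
    if (now > ch.exp) return false;                                  // expired
    if (this.usedNonces.has(ch.nonce)) return false;                 // replayed
    if (leadingZeroBits(ch.nonce, counter) < ch.bits) return false;  // wrong answer
    this.usedNonces.add(ch.nonce);
    return true;
  }
}
```

Both checks run inside the server action before the email utility is called, and the action rejects with `retryAfterMs` (or a fresh challenge) instead of sending. Two caveats that matter in a Next.js deployment: on serverless hosting each instance has its own memory, so the buckets and used nonces need a shared store (Redis or similar) or the limits silently become per-instance; and the IP should come from a forwarding header only when a proxy you control set it, since `X-Forwarded-For` entries supplied by the client are spoofable (behind one trusted proxy, use the rightmost address, the one that proxy appended), otherwise a client mints a fresh bucket per request. The difficulty in `bits` sets the client's cost at roughly 2^bits hashes while the server still verifies with one.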
Chinese AlligatorOP
Thank you very much.
Chinese AlligatorOP
Is it safe to have a server action for sending email that does the validations and then calls a utility function from a .ts file in /lib? I know server actions are zero trust; are .ts files in /lib safe to call?
American Chinchilla
Yes, any validations or API calls with sensitive data should be done on the server.
Chinese AlligatorOP
How can I test the security of a server action?
American Chinchilla
Anything done on the server is safe.
You could write mock-up tests using Vitest or something similar.
But the only way an attacker can access the server is if they have access to the credentials of your deployment services, usually via email phishing or if you expose API keys or credentials somewhere. It's really hard for an attacker to do anything on the server, as there is no way to access it except via the endpoints, which is what we want.
Chinese AlligatorOP
I don't think you understand my concern, and also just because it's running server-side doesn't mean it's secure, specifically server actions:
`All server actions are public HTTP endpoints, which means anyone can make calls to them.`
I'm asking specifically about having a utility function such as send email in /lib called from a server action. Is my utility function safe from being called, or does the server action expose it?
Same as having an HTTP endpoint that sends email; I'm concerned that the send email function gets exposed through "the API endpoint".
American Chinchilla
As it says, APIs are public, which is what we want; we control how users access the server.
Anything done on the server is only accessible on the server.
As long as you call that utility on the server only, it's safe.
Chinese AlligatorOP
Okay, I think I get it.
Thank you @American Chinchilla