The front part of the website which makes all the funny pictures for the user to click on talks to the back part, which does the stuff the user wants and then tells the front part what to show. Unfortunately in this case all the security is handled in the front part, so after it goes “yeah this guy looks good” it tells the back end “looks legit do the thing”. The problem is anyone can just message the backend and be like “hey I’m legit do the thing” and it will just do whatever you tell it.
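The trust split the comment describes, written out as an added Python example (not code from the original post or from the site being discussed). The session store, role names and request shapes are constructed for illustration; the point is that the vulnerable backend accepts the front end's verdict as a field in the request, while the hardened one re-derives the decision from server-side state and ignores anything the client says about itself.

```python
# Constructed in-memory session store: token -> the user record the server
# itself created at login. This is the only source of truth for "who is this".
SESSIONS = {
    "tok-alice": {"user": "alice", "role": "user"},
    "tok-root": {"user": "admin", "role": "admin"},
}


def vulnerable_do_the_thing(request: dict) -> str:
    """Backend that trusts the front end's verdict (the flaw in the comment).

    The front end already decided the user is allowed, so it sends
    {"authorized": True, ...} and the backend simply believes the flag.
    Anyone who can reach the backend directly can set that flag themselves.
    """
    if request.get("authorized"):
        return f"deleted account {request['target']}"
    return "denied"


def hardened_do_the_thing(request: dict) -> str:
    """Backend that re-derives authorization from server-side state only.

    The client-supplied "authorized" field is never consulted. The session
    token is looked up in the server's own store, and the role used for the
    decision is the one recorded there, not one the request claims.
    """
    session = SESSIONS.get(request.get("token", ""))
    if session is None or session["role"] != "admin":
        return "denied"
    return f"deleted account {request['target']}"


def compare_backends(request: dict) -> dict:
    """Run the same request through both backends so the difference is visible."""
    return {
        "vulnerable": vulnerable_do_the_thing(request),
        "hardened": hardened_do_the_thing(request),
    }


if __name__ == "__main__":
    # Constructed requests: a direct message to the backend claiming to be
    # authorized, a real low-privilege session also claiming authorization,
    # and a genuine admin session.
    forged = {"authorized": True, "target": "bob"}
    low_priv = {"token": "tok-alice", "authorized": True, "target": "bob"}
    admin = {"token": "tok-root", "target": "bob"}
    for name, req in [("forged", forged), ("low_priv", low_priv), ("admin", admin)]:
        print(name, compare_backends(req))
```

The hardened handler is the one to copy: every request to the backend is treated as untrusted input, and the access decision is made from the session the server issued, so the front end's own check becomes a convenience for the user rather than the security boundary.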