Reputation: 14242
JSON security issues?
Are there any security issues in using JSON for just data transfer, other than that it is plain text? Like, the eval() which poses a security issue when used in JavaScript. Are there any such issues, when JSON is just used to transfer data between computers and read by programs written in Java etc
Upvotes: 2
Views: 2762
Answers (3)
Reputation: 180245
Certainly. Sending out passwords unencrypted using JSON would be clearly a security issue. In general, JSON itself are just bytes; it's the interpretation that's given to them which may cause harm.
Upvotes: 0
Reputation: 35107
http://www.xml.com/cs/user/view/cs_msg/3370
http://directwebremoting.org/blog/joe/2007/03/05/json_is_not_as_safe_as_people_think_it_is.html
Upvotes: 4
Reputation: 187110
JSON can be used to execute JavaScript insertion attacks against any web client that uses it, unless the server (and only the server) takes appropriate precautions.
Upvotes: 1
Related Questions
- Any security vulnerabilities with this JSON response?
- Is this JSON code safe?
- JSON as JavaScript object - security risks
- JSON parsing and security
- JSON security best practices?
- How to secure json
- Very Confused (And Worried) about security with JSON and Javascript
- JSON Security
- JSON Data - Parsed Or 'Eval'ed
- Quick AJAX / JSON security question