Reputation: 2363
How to ensure data sent via JSONP is secure?
I need to ensure that data sent out from a script is as secure as possible. The server-side language is PHP.
Any tips would be greatly appreciated.
UPDATE: What I mean is. I need to ensure the data sent from my server cannot do damage to the other server that is retrieving it. I'm not worried about the security or people seeing the data that's being sent, just need to make sure it can't harm the other site.
Upvotes: 1
Views: 434
Answers (3)
Reputation: 1496
Well you can make it a bit securer, if you say its not secure.
Btw.: never use json to list usernames && passwords or etc. only use it for harmless datas
if you do something like this,
JQUERY: $('#obj').load("json.test.php");
put these codes on the top of the json.test.php
//You have to read the url
<?php
$_domain = "testdomain.com"; //or
$_domain = "testdomain.com/index.php?_sid="; //or you can check for any parameter
$getPos = strpos($_SERVER["HTTP_REFERER"], $_domain);
if(!empty($getPos) && $getPos >= 0) die("Direct Access is not allowed!");
?>
Hope this helps
Upvotes: 1
Reputation: 31006
It is totally safe if everything is properly escaped. If your delivered JSON is valid, there is no security risk (assuming that the other side does not use evil eval on some of the values).
Upvotes: 2
Reputation: 3800
JSONP data inherently isn't secure because if anyone has the URL they can access it. Try sending raw json (without a callback function) to increase security.
It is also a very good idea to send the data using HTTPS / SSL instead of plain http, which can be intercepted on its way from the server to the client.
Upvotes: 1
Related Questions
- Is JSONP safe to use?
- How can I encrypt data in JSON?
- json_decode security
- How to secure json
- Is it necessary to validate or escape the jsonp callback string
- Securing JSONP?
- jQuery JSONP Security
- Is this safe for providing JSONP?
- Safest way to send JSON string to PHP server
- Security Issues with JSONP in jQuery