Are there any security issues in using JSON for just data transfer, other than that it is plain text? Like, the eval() which poses a security issue when used in JavaScript. Are there any such issues, when JSON is just used to transfer data between computers and read by programs written in Java etc
A:
JSON can be used to execute JavaScript insertion attacks against any web client that uses it, unless the server (and only the server) takes appropriate precautions.
rahul
2009-07-21 07:59:43
Well, I am planning to use it only for data transfer that is used by programs other than JavaScript, in that case would that be a problem?
Ram
2009-07-27 13:58:26
A:
Certainly. Sending out passwords unencrypted using JSON would be clearly a security issue. In general, JSON itself are just bytes; it's the interpretation that's given to them which may cause harm.
MSalters
2009-07-21 08:03:00