tags:

views:

42

answers:

4
+1  Q: 

JSON security and encryption

I'm just starting to really get into JSON as a tool for my sites. I was showing my friend how I am calling a WS and returning the data, and he asked me about security of passing JSON data to and from a web service as he saw the data from the "POST" (via Firebug).

Many of our public facing sites deal with member information and contain PHI. Can I encrypt the JSON data and then unencrypt it? Is that a good way to go about it to ensure a layer of protection? Or is there another "better/right" way of doing it? Or are his concerns unfounded?

Is there an article about how to encrypt or secure the JSON data when needed? Just trying to gather as much knowledge as possible before I go down a path that won't work for the company.

If there is another post here on SO please let me know too!

Thanks!

+3  A: 

The layer you are looking for is https. Just make sure the requests go over https if the data is sensitive.

Magnus Hoff  2010-09-02 16:39:03
+1  A: 

Is there any reason not to simply use https?

podperson  2010-09-02 16:39:23
+1  A: 

Sse a secure transport layer like SSL/TLS. (HTTPS)

That's the only sensible option. Do not reinvent the wheel.

Aillyn  2010-09-02 16:39:48
+2  A: 

Magnus and Tonio are right. When you make a JSON POST request to a particular URL, prefix the URL with https rather than http. Here is an example from jquery:

$.post('https://myurl.com', function(data) {
    // The data available here has been encrypted before it arrived
});
Adam  2010-09-02 16:42:50
It seems that https is the consensus. Thanks for the example. I appreciate everyone who answered!
Jeff V  2010-09-02 18:04:43

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?