In my ASP.Net MVC 2 application I am using a Json object to submit form data. I would like to take expert advice whether it is a safe and good practice to do it or not and why? Please note, this question is not about how to do it but rather about best practice. Appreciate your valuable suggestions.
views:
54answers:
3Yes it is safe to send and receive JSON from/to the server. You only need to make sure to properly format and encode it. Whether it is good is subjective and will depend on your scenario. As JSON is a common format for javascript it is used along with AJAX requests.
I think it's a safe way to go. I don't think there is much difference (for security reasons) to send the data via a regular post or a Json object submit. In both cases the data is wrapped into a http post request which is a readable thing.
So i think both solutions are equal from a security perspective.
As said above, JSON is fine to use going both ways, provided you are still applying the same validation as you would with any form input.
Personally, I love the ability to make AJAX calls and simply do:
Return Json(myDataObject)
Then it's really easy to process that with jQuery on the client side as it's automatically transformed into javascript variables for you.