The Fuzz Around JSON.

Published on: 1177612660
To be fair, this is a slightly late post. I never actually understood the practical use of JSON. The JavaScript Object Model came into being when people wanted dynamic data but not in the kludgy XML format to parse. With JSON it is possible to read other external JavaScript files which are being populated with data pulled from the server. Now, the reason why I think it's pretty useless is that I can do the same with a normal server-side language, which also allows me to echo things into JavaScript variables. But that is not the issue here. There has been some fuzz for quite some time now concerning the security of JSON, which I think is just nonsense.

Storing sensitive files in XML files or JSON objects is asking for trouble. It is like storing the users' login credentials in JavaScript source code. JSON was never intended to be used for sensitive data; mostly it was designed to ease your life and load data arrays (or objects) which could contain data that is used for the page itself, or data that is being used for trivial things like news items.

Sounds basic, doesn't it? Still, Google didn't listen; they did just that with Gmail: storing sensitive data in JavaScript Object Models. Yes, they learned about this mistake, but what strikes me most is that this is really a beginner's flaw. No good security-minded programmer stores sensitive data in files which are executed on the client side. You just don't do that.

So it all has to do with the implementation of JSON and Ajax per se. Like every new technique, it always depends on how you implement it. To say that Ajax is unsafe is not an issue, and misses every point.