Safe JSON
6 March 2007 in WebDev

There are two famous problems with JSON security. The first is CSRF (Cross-Site Request Forgery), also known as a one-click attack, which allows the attacker to bypass cookie-based authentication. The second, and less known, is the JSON/Array hack, which allows a user to steal JSON data on any other platform with a modern JavaScript interpreter.
Jeremiah Grossman used CSRF to break GMail over a year ago.
Joe Walker writes in his blog about the problems with JSON and secured data, especially the JSON/Array hack.