Chapter 5. JSON Security Concerns
JSON alone is not much of a threat. After all, it’s only a data interchange format. By itself, it is just a document, or a stream, of data. The real security concerns with JSON arise in the way that it is used. In this chapter, we will take a look at two of the most common security concerns for JSON on the Web: cross-site request forgery and cross-site scripting.
Before we move forward in discussing security concerns, and enter into the remaining chapters of this book, we need an understanding of client-side and server-side relationships. Let’s take a quick look at these relationships, for those that do not yet understand this concept.
A Quick Look at Client- and Server-Side Relationships
Upon arriving at Pierre’s Fine Dining for dinner, I sit down at a lovely table where the napkins are folded into swans. A tall man in slacks and a nice shirt approaches the table and says, “My name is Thomas, and I am here to serve you this evening.” After he recognizes me, he lowers his voice and says, “By the way, you are one of my favorite clients.” He wags his eyebrows and says, “Here is our special menu."
After perusing the special menu, I tell Thomas what I would like for dinner, and after some time he brings it to the table. I eat a lovely dinner, and then later pay $200 for the artistically arranged plates of tiny food. It was another fine evening at Pierre’s Fine Dining, where Thomas was the server, and I was the client.
Your Internet browser has ...