Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I would like to use JSON, however, the security issues related to using JSON are holding me back.
There are two main issues CSRF (Cross Site Request Forgery) and the JSON/Array hack.
I have read that Double Submit the Cookie expanding from Secret Hidden Fields are possible solutions to the CSRF problem.
I wonder if there are any codeigniter add-ons to simplify the process of securing a project this way?
Any advice would be appreciated.
To help secure your application against CSRF there is a library http://blog.kylehasegawa.com/codeigniter-csrf-xsrf-library that can help. However, once CI 2 is released you need not worry – it will include CSRF/XSRF protection.
What do you mean by “use JSON”?
JSON in itself is not dangerous, it is just a way to serialize javascript objects. However, when deserializing, I advice you not to use JavaScript’s eval() function (That allows for executing arbitrary JS code if used carelessly), but use a dedicated JSON deserializer such as http://www.json.org/js.html. Newer browsers even come with built-in JSON deserializers.
For browser security issues in general, i recommend reading http://code.google.com/p/browsersec/.