Questions tagged [json]

JSON (JavaScript Object Notation) is an open standard for encoding data in both human-readable and machine-readable form, usually for transmission to or from a web API. Use this tag for security issues relating to the format itself, or where the fact that the data is JSON-formatted is core to the question. For questions about web APIs where the security issue does not depend on the data format, please use [api].


122 questions
-1 votes, 2 answers

Is it safe to eval JSON?

I know JSON is supposed to be a notation that can otherwise function as direct-code to evaluate JavaScript? But is that so? There is a function I know about and use when I must, JSON.parse. It's the inverse of JSON.stringify. But is it otherwise…
Evan Carroll
-1 votes, 1 answer

AES-CBC then SHA vs AES-GCM for encrypting and authenticating a web token

I am trying to have something like JWT but kinda ad hoc and encrypted. The token itself is simply a stringified JSON that contains the user id and unix timestamp. Now, I tried to use AES-128-GCM, however I did some simple modification in the…
pls no