JSON

JSON (JavaScript Object Notation) is a lightweight data-interchange format designed so that humans can easily read it and machines can easily process it.

The JSON format was originally specified and developed by Douglas Crockford and is described in RFC 4627. The JSON filename extension is .json.

JSON is based on the object notation of the JavaScript language and its standard. However, it does not require JavaScript to read or write, because it is a text format that is language independent and can be used everywhere. JSON notation contains these basic elements, which are also used in JavaScript:

1. Objects: Objects begin and end with curly braces ({}).

2. Object Members: Members consist of strings and values separated by a colon (:). Members are separated by commas (,).

3. Arrays: Arrays begin and end with square brackets ([]) and contain different values. Values are separated by commas (,).

4. Values: A value can be a string, an object, an array, or the literals true, false or null.

5. Strings: Strings are surrounded by double quotes and contain Unicode characters or common backslash escapes.

JSON Example:

{
    "first_name": "Rajeev",
    "last_name": "Sharma",
    "email_address": "rajeev@ezeelive.com",
    "is_alive": true,
    "age": 30,
    "height_cm": 185.2,
    "billing_address": {
        "address": "502, Main Market, Evershine City, Evershine, Vasai East",
        "city": "Vasai Raod, Palghar",
        "state": "Maharashtra",
        "postal_code": "401208"
    },
    "shipping_address": {
        "address": "Ezeelive Technologies, A-4, Stattion Road, Oripada, Dahisar East",
        "city": "Mumbai",
        "state": "Maharashtra",
        "postal_code": "400058"
    },
    "phone_numbers": [
        { "type": "home", "number": "9975666694" },
        { "type": "office", "number": "9822117730" }
    ],
    "date_of_birth": null
}

Advantages of JSON:

1. JSON is Faster:

JSON syntax is very easy to use. We only have to use -> as syntax, which gives us easy parsing of the data and faster execution. Because its syntax is very small and lightweight, responses are processed faster.

2. Schema Support:

It has a wide range of browser support across operating systems, so applications built with JSON do not require much effort to make them compatible with all browsers. During development the developer normally has to think about the different browsers, but JSON provides that functionality.

3. Server Parsing:

On the server side, parsing is the important part for developers: only if parsing is fast on the server side can the user get a fast response. JSON's server-side parsing is therefore a strong point in favour of using JSON on the server side.

4. Tool for sharing data:

JSON is the best tool for sharing data of any size, even audio, video, etc. This is because JSON stores the data in arrays, which makes data transfer easier. For this reason, JSON is a superior file format for web APIs and for web development.

Disadvantages of JSON:

First and foremost, JSON has no error handling for JSON calls. If the dynamic script insertion works, your callback is called and you get the response perfectly.

If it is not inserted, nothing happens. It just fails silently. For example, you are not able to catch a 404 error from the server, nor can you cancel or restart the request. You can, however, time out after waiting a reasonable amount of time.

Another major drawback of JSON is that it can be quite dangerous if used with untrusted services or untrusted browsers. A JSON service of this kind returns a JSON response wrapped in a function call (the JSONP pattern), which will be executed by the browser; if it is used with an untrusted browser it can be hacked, and this makes the hosting web application vulnerable to a variety of attacks.

If you are going to use JSON services, it is very important to be aware of the threats they carry and of the measures that protect against them. JSON also has only a limited set of supporting tools that can be used during development.

How to secure data and prevent JSON Vulnerability & Hijacking:

JSON is not as fully secure as we might think in the web world: Cross Site Request Forgery (CSRF) in the JSON Array hack allows an attacker to grab sensitive user data from an unsuspecting user.

This is a major risk when exposing a JSON service that returns a JSON array, contains sensitive data, responds to GET requests, is requested with JavaScript enabled, and where the requesting browser supports the __defineSetter__ method, etc.

We have discussed the issue above; now we will discuss how to prevent a CSRF attack and secure sensitive data in the following points:

  1. Most important: every request must use the POST method, and your code must accept only POST requests.

     $.ajax({
         url: 'http://yourdomainname.com/login',
         dataType: 'json',
         data: JSON.stringify(dataObject),
         contentType: 'application/json; charset=utf-8',
         type: 'POST',
         success: function (jsonData) {
             // Success callback
         },
         error: function () {
             // Any error to be handled
         }
     });

  2. Add a unique CSRF token to each request to protect the application from cookie hijacking and bad requests.
  3. Always use a secure transfer protocol (HTTPS) for requests.
  4. Check for a special header such as X-Requested-With: XMLHttpRequest or Content-Type: application/json before serving the response to the request.
  5. Code testing tools like Checkmarx, SonarQube, Burp Suite, etc. will help with application security.
  6. User access logs should be maintained so that user activities can be checked.
  7. Use API and end-URL authentication to validate the current endpoint.
  8. Use token-based API access such as JSON Web Tokens (JWT).
  9. Implement error handling and do not provide any technical detail in the API call.
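
One way to enforce points 1, 2, 4 and 9 on the server side, as an added example that is not code from the original article. The function names, the shape of the request object and the X-CSRF-Token header name are assumptions, and the check requires both headers from point 4 rather than either one.

```javascript
// Added example, not the article's code. `req` is a plain object
// { method, headers, sessionToken }; X-CSRF-Token is an assumed header name.

// Compare two strings without stopping at the first differing character.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % b.length);
  }
  return diff === 0;
}

function checkJsonRequest(req) {
  const h = {};
  for (const [k, v] of Object.entries(req.headers || {})) h[k.toLowerCase()] = String(v);
  // Point 1: only POST is served; a plain GET never receives the data.
  if (req.method !== 'POST') return { ok: false, status: 405, reason: 'method' };
  // Point 4: require the JSON content type and the XMLHttpRequest marker.
  const type = (h['content-type'] || '').split(';')[0].trim().toLowerCase();
  if (type !== 'application/json') return { ok: false, status: 415, reason: 'content-type' };
  if (h['x-requested-with'] !== 'XMLHttpRequest') return { ok: false, status: 400, reason: 'x-requested-with' };
  // Point 2: the token in the header must equal the one bound to the session.
  const sent = h['x-csrf-token'] || '';
  if (!req.sessionToken || !sent || !safeEqual(sent, req.sessionToken)) {
    return { ok: false, status: 403, reason: 'csrf' };
  }
  return { ok: true, status: 200, reason: null };
}

// Point 9: keep result.reason for the server log; the client gets only a generic
// message in the same { status, msg } shape the article's PHP service uses.
function toResponse(result, data) {
  if (result.ok) return { status: 200, body: JSON.stringify({ status: 1, info: data }) };
  return { status: result.status, body: JSON.stringify({ status: 0, msg: 'An error occurred.' }) };
}

// Constructed sample request (all values are made up for this example).
const sampleRequest = {
  method: 'POST',
  sessionToken: 'constructed-token-8f2c',
  headers: { 'Content-Type': 'application/json; charset=utf-8',
             'X-Requested-With': 'XMLHttpRequest', 'X-CSRF-Token': 'constructed-token-8f2c' },
};
console.log(checkJsonRequest(sampleRequest));
console.log(toResponse(checkJsonRequest({ ...sampleRequest, method: 'GET' }), []));
```
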

Example of JSON Web Service PHP with MySQL:

MySQL Database :

CREATE DATABASE IF NOT EXISTS `ezeelive_json_rest_tutes`;

--
-- Table structure for table `customer`
--

CREATE TABLE IF NOT EXISTS `customer` (
  `customer_id` int(11) NOT NULL AUTO_INCREMENT,
  `first_name` varchar(50) NOT NULL,
  `last_name` varchar(50) NOT NULL,
  `email_address` varchar(100) NOT NULL,
  `password` varchar(100) NOT NULL,
  `is_active` text NOT NULL,
  PRIMARY KEY (`customer_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

INSERT INTO `customer` (`customer_id`, `first_name`, `last_name`, `email_address`, `password`, `is_active`) VALUES
(1, 'Rajeev', 'Sharma', 'rajeev@ezeelive.com', 'e10adc3949ba59abbe56e057f20f883e', 1),
(2, 'Nitin', 'Bhardwaj', 'nitin@ezeelive.com', '6d071901727aec1ba6d8e2497ef5b709', 0);

config.php

json_rest_customer_list.php

$customer_id, "first_name" => $first_name, "last_name" => $last_name,
            "email_address" => $email_address, "is_active" => $is_active);
    }
    $json = array("status" => 1, "info" => $data);
} else {
    $json = array("status" => 0, "msg" => "An error occurred.");
}
@mysql_close($conn);

// Output JSON header
header('Content-type: application/json');
echo json_encode($json);

JSON Output:

{
    "status": 1,
    "info": [
        {
            "customer_id": "1",
            "first_name": "Rajeev",
            "last_name": "Sharma",
            "email_address": "rajeev@ezeelive.com",
            "is_active": "1"
        },
        {
            "customer_id": "2",
            "first_name": "Nitin",
            "last_name": "Bhardwaj",
            "email_address": "nitin@ezeelive.com",
            "is_active": "0"
        }
    ]
}

Conclusion:

As with the many technologies we have seen, we come to the end with some good and some bad parts, and the same is true of JSON.

It also has its advantages and disadvantages: if you expect a quick and accurate response from the server, you can use it, and it has a wide range of schema support; but to use it, the device should be on a trusted network, otherwise it can cause problems for you.

Article Name

JSON – its advantages and disadvantages

Author

Rajeev Sharma

Publisher Name

Ezeelive Technologies
