开发者

JSON security and encryption

I'm just starting to really get into JSON as a tool for my sites. I was showing my 开发者_C百科friend how I am calling a WS and returning the data, and he asked me about security of passing JSON data to and from a web service as he saw the data from the "POST" (via Firebug).

Many of our public facing sites deal with member information and contain PHI. Can I encrypt the JSON data and then unencrypt it? Is that a good way to go about it to ensure a layer of protection? Or is there another "better/right" way of doing it? Or are his concerns unfounded?

Is there an article about how to encrypt or secure the JSON data when needed? Just trying to gather as much knowledge as possible before I go down a path that won't work for the company.

If there is another post here on SO please let me know too!

Thanks!


The layer you are looking for is https. Just make sure the requests go over https if the data is sensitive.


Sse a secure transport layer like SSL/TLS. (HTTPS)

That's the only sensible option. Do not reinvent the wheel.


Is there any reason not to simply use https?


Magnus and Tonio are right. When you make a JSON POST request to a particular URL, prefix the URL with https rather than http. Here is an example from jquery:

$.post('https://myurl.com', function(data) {
    // The data available here has been encrypted before it arrived
});
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜