true :)
short of encrypting the hell outta all my responses and then decrypting them
client-side there's nothing to do really..
and even in that case since the decryption is done client-side the algorithm
would be easily accessible :P
i guess just try not to pass sensitive information and also minify
production js to make it less easy for people to glance at it and see whats
goin on :)
On Mon, Oct 13, 2008 at 1:21 PM, MorningZ <[EMAIL PROTECTED]> wrote:
>
> Any security you feel like you get from JSON or CSV is flat out naive
>
> Either one is just as insecure as plain ol text....
>
> The advantage of using the $.getJSON method (which remember, is just
> $.ajax but with the dataType set to "json") is that you don't need to
> do anything special to parse it when you get it back from the call
>
>
>
>
> On Oct 13, 12:04 pm, Alex Weber <[EMAIL PROTECTED]> wrote:
> > Thanks Mickster and MorningZ! :)
> >
> > Gonna read up on those articles and functions tonight and give it a
> > shot! :)
> >
> > I know its terrible practice but laziness always made me return AJAX
> > requests as CSV strings that i'd then explode and access the array's
> > indices (since i know in what order the values come)
> >
> > But yeah, terrible, i know....
> >
> > I'm working on implementing JSON as the standard for my AJAX stuff
> > which will not only make my code more buzzword-compliant but secure :)
> >
> > and yeah im aware that JSON isn't the magic solution to ajax security
> > but it sure as hell beats plain-text! :)
> >
> > -Alex
> >
> > On Oct 13, 11:30 am, MorningZ <[EMAIL PROTECTED]> wrote:
> >
> > > $.post
> >
> > > gets some data, puts the outgoing data in the header, data comes back
> > > as whatever
> >
> > > $.get
> >
> > > gets some data, but puts the outgoing data on the querystring, data
> > > comes back as whatever
> >
> > > $.getJSON
> >
> > > gets some data, using "get" by default, data comes back and jQuery
> > > *expects* it to be a JSON object
> >
> > > $.ajax
> >
> > > The underlying call for all of the above
> >
> > > As for a tip on a "generic kind of jQuery parser", if you use
> > > "getJSON" then there is nothing to parse, the returned object *will*
> > > be a JSON object (as long as you properly crafted it on the server)
> >
> > > if you need a more configurable version of "getJSON", i wrote and use
> > > this wrapper function
> >
> > > function reqJSON(url, params, success, error) {
> > > var CallParams = {};
> > > CallParams.type = params.Method || "POST";
> > > CallParams.url = url;
> > > CallParams.processData = true;
> > > CallParams.data = params;
> > > CallParams.dataType = "json";
> > > CallParams.success = success;
> > > if (error) {
> > > CallParams.error = error;
> > > }
> > > $.ajax(CallParams);
> >
> > > }
> >
> > > and call it like so
> >
> > > var Params = {};
> > > Params.SomeKey1 = "some value";
> > > Params.SomeKey2 = "some value";
> > > Params.Method = "GET"; // or "POST", which it defaults to
> > > reqJSON(
> > > "url of server page",
> > > Params,
> > > function(json) {
> > > // if here, then "json" *is* a JSON object
> > > },
> > > function(x,y,z) {
> > > // if here, then some error on server, "x" has the details
> > > }
> > > );
> >
> > > On Oct 13, 10:21 am, Alex Weber <[EMAIL PROTECTED]> wrote:
> >
> > > > first off, i dont get the difference between using $.ajax, $.post or
> > > > $.get instead since the concept is the same afaik: you send a request
> > > > and receive a response. the only difference in this case is that the
> > > > response would be a JSON object... right?
> >
> > > > anyway... i've managed to generate tons of JSON objects of all sorts
> > > > but haven't been able to come up with a decent parser thats not uber
> > > > specific to each case...
> >
> > > > does anyone have any tips or a more generic kind of jQuery JSON
> parser
> > > > and some help on how to put it all together?
> >
> > > > thanks!!
> >
> > > > -Alex
> >
>
