JSON Is Like a Package on a FedEx Truck

Introduction

The sauce is in a bottle and then a box.

A friend asked me if JSON is secure. This post will explain JSON and then explain the security issues.

Some out-of-state friends gave us a collection of hot sauces. They are in a lovely wooden display box, which contained a clear plastic structure to hold bottles, which hold the sauce. If you count a mailing box and padding, there is more packaging than sauce. Similarly, JSON is part of a much larger support structure.

What Part of the Delivery System is JSON?

You have stuff to deliver. You have the packaging the stuff came in when you bought it. You have a box for shipping. Packaging and boxes are important, but they are not moving parts. You have a delivery service with the airplanes and the trucks for delivery. You have a whole computer system tracking deliveries. Airplanes, trucks, computers … and people … are the moving parts of the delivery system.

The moving parts of the delivery system are the parts that can change the delivery. That is where security is a problem.

In all the layers of getting something from one place to another, which part is the JSON in the data delivery system? The JSON is what the consumer actually wants from the delivery system. It’s the hot sauces. The rest is packaging so that the hot sauces can work with the delivery system. Sometimes, in our efforts to learn JSON, we forget that all those other pieces are equally important to make the delivery.

Why Do We Need JSON, Anyway?

Online forms and viewer interaction widgets are why we need JSON. Anytime a viewer fills out a form, there is data to be sent to the server for some kind of processing: an order, a search, signing up for something, etc. The software in the browser that can organize and send the data is JavaScript. That data is the goods in the HTTP request body.

The reason JSON is used is that when the package reaches the server, it needs to be unpacked and put together for the next piece of software to use. JSON is a simple, but predictable pattern that includes a description of what each piece of data is. We just don’t want that server to be sitting up on Christmas night trying to figure out how to put the whole thing together.

What Does JSON Look Like?

Front end developers don’t know what the backend on the server will be or specifically, what it will be doing with that data. Their job is to make sure that the data can get to the server in a format that the server can use. The JSON format clearly identifies each piece of data individually, instead of directing the server to look at some long instruction booklet (schema). That is what it means when we say that JSON is a data-interchange format. As long as the receiving software knows what to do with JSON in general, the specific data is available to that software.

Here is an example of what JSON looks like. The thing to note here is how punctuation is used: the name and value in each pair are separated by a colon, and the pairs are separated by commas. There are no semicolons at the ends of the lines, as in many other languages. In pretty-printed JSON like this, the line breaks are just \n (newline) characters, which many coding tools don’t show.

    {
        "Insect": {
            "name":           "Honey Bee",
            "locomotion":     "flying",
            "average weight": 0.1
        }
    }

The JSON is just a large string of characters packaged for transmission. The data is in the form of name – value pairs separated by a colon. The software that receives the JSON after it reaches the server is programmed to pull the JSON apart and use the data as needed by the system, which may be a REST API. Because the name is already there, the values are identified. If the receiving software is in Java, it will turn the JSON into Objects (deserialize). If the values are to be stored in a database, Insect will be a table; name, locomotion and average weight will be fields; and Honey Bee, flying and 0.1 will be the data in those fields.

Note that I have introduced an error in the data, even though the syntax (punctuation) is correct. The problem is that the average weight doesn’t have a unit. Is it 0.1 of a ton or 0.1 of a milligram? It doesn’t matter how good your packaging is if the product doesn’t work. That problem with the data isn’t a security breach by itself, but bad data can be exploited by a moving part to cause a security breach.
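To show the two halves of the delivery described above in working code, here is an added example (not from the original post): the browser side packs the form into JSON, and the server side first checks that the package is well-formed JSON and then checks the data itself. The validation rules, the allowed locomotion values, and the idea of sending the weight as a value plus a unit are my assumptions for the example, not anything the post or a particular server prescribes.

```javascript
// Added example, not from the original post.
// Browser side: what JavaScript does with the form fields before the request.
function packInsectForm(fields) {
  // JSON.stringify builds the "package": one string of name/value pairs.
  return JSON.stringify({ Insect: fields });
}

// Server side, step 1: is the package well-formed JSON at all?
// Returns the parsed object, or null when the syntax is invalid.
function unpackJson(text) {
  try {
    return JSON.parse(text);
  } catch (err) {
    // A syntax error, e.g. ".1" instead of "0.1", or curly quotes instead of ".
    return null;
  }
}

// Server side, step 2: correct syntax says nothing about the data.
// These rules are hypothetical, standing in for a real schema.
function validateInsect(doc) {
  const problems = [];
  const insect = doc && doc.Insect;
  if (typeof insect !== "object" || insect === null) {
    return ["missing Insect object"];
  }
  if (typeof insect.name !== "string" ||
      insect.name.length === 0 || insect.name.length > 100) {
    problems.push("name must be a non-empty string of at most 100 characters");
  }
  const allowedLocomotion = ["flying", "walking", "swimming"];
  if (!allowedLocomotion.includes(insect.locomotion)) {
    problems.push("locomotion must be one of " + allowedLocomotion.join(", "));
  }
  // The post's point: a bare number has no unit, so the server cannot use it.
  // This example expects {"value": <positive number>, "unit": "mg" | "g"}.
  const w = insect["average weight"];
  if (typeof w !== "object" || w === null ||
      typeof w.value !== "number" || !Number.isFinite(w.value) || w.value <= 0 ||
      !["mg", "g"].includes(w.unit)) {
    problems.push("average weight must be an object with a positive numeric value and a unit of mg or g");
  }
  return problems;
}

// Constructed inputs for demonstration.
// 1. Hand-typed with ".1": valid in JavaScript source, but not valid JSON.
const handTypedJson =
  '{"Insect": {"name": "Honey Bee", "locomotion": "flying", "average weight": .1}}';
// 2. What the post's form would actually send: well-formed, but the weight has no unit.
const postJson = packInsectForm({
  name: "Honey Bee", locomotion: "flying", "average weight": 0.1
});
// 3. Well-formed and carrying a unit, so the server can use it.
const goodJson = packInsectForm({
  name: "Honey Bee", locomotion: "flying", "average weight": { value: 0.1, unit: "g" }
});

for (const [label, text] of [["hand-typed", handTypedJson], ["post", postJson], ["good", goodJson]]) {
  const doc = unpackJson(text);
  console.log(label, doc === null ? "rejected: invalid JSON" : validateInsect(doc));
}
```

The two checks are deliberately separate: the parser only answers "is this JSON?", while the validator answers "is this the data we agreed on?". The unit problem from the post passes the first check and is caught only by the second.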

Is JSON the Same as XML?

There are similarities between JSON and XML, but if you look at each of them, XML is generally much more complicated. Both JSON and XML allow data from one data source to be used by another. For example, information from a form filled out in someone’s browser can be used by the website’s server software. Another example would be information about Skechers shoes being sent directly from Skechers to an online shopping site.

The data from a form is more likely to be sent in JSON form because it’s simpler. The data from Skechers is more likely to be sent in XML form because it’s more complicated.

Resources

  1. Is JSON secure?
  2. REST API’s vs. Web API’s
  3. The difference between JSON and XML
