In my ASP.Net MVC 2 application I am using a Json object to submit form data. I would like to take expert advice whether it is a safe and good practice to do it or not and why? Please note, this question is not about how to do it but rather about best practice. Appreciate your valuable suggestions.
在我的ASP.Net MVC 2应用程序中,我使用Json对象来提交表单数据。我想接受专家建议是否安全和良好的做法,为什么?请注意,这个问题不是关于如何做,而是关于最佳实践。感谢您宝贵的建议。
3 个解决方案
#1
0
Yes it is safe to send and receive JSON from/to the server. You only need to make sure to properly format and encode it. Whether it is good is subjective and will depend on your scenario. As JSON is a common format for javascript it is used along with AJAX requests.
是的,从/向服务器发送和接收JSON是安全的。您只需要确保正确格式化和编码。它是否好是主观的,取决于你的情况。由于JSON是javascript的常见格式,因此它与AJAX请求一起使用。
#2
0
I think it's a safe way to go. I don't think there is much difference (for security reasons) to send the data via a regular post or a Json object submit. In both cases the data is wrapped into a http post request which is a readable thing.
我认为这是一种安全的方式。我认为通过常规帖子或Json对象提交发送数据并不存在太大差异(出于安全原因)。在这两种情况下,数据都被包装到http post请求中,这是一个可读的东西。
So i think both solutions are equal from a security perspective.
所以我认为从安全角度来看,这两种解决方案是相同的
#3
0
As said above, JSON is fine to use going both ways, provided you are still applying the same validation as you would with any form input.
如上所述,只要您仍然使用与任何表单输入相同的验证,JSON就可以双向使用。
Personally, I love the ability to make AJAX calls and simply do:
就个人而言,我喜欢能够进行AJAX调用并且只做:
Return Json(myDataObject)
Then it's really easy to process that with jQuery on the client side as it's automatically transformed into javascript variables for you.
然后使用jQuery在客户端进行处理非常容易,因为它会自动转换为javascript变量。
#1
0
Yes it is safe to send and receive JSON from/to the server. You only need to make sure to properly format and encode it. Whether it is good is subjective and will depend on your scenario. As JSON is a common format for javascript it is used along with AJAX requests.
是的,从/向服务器发送和接收JSON是安全的。您只需要确保正确格式化和编码。它是否好是主观的,取决于你的情况。由于JSON是javascript的常见格式,因此它与AJAX请求一起使用。
#2
0
I think it's a safe way to go. I don't think there is much difference (for security reasons) to send the data via a regular post or a Json object submit. In both cases the data is wrapped into a http post request which is a readable thing.
我认为这是一种安全的方式。我认为通过常规帖子或Json对象提交发送数据并不存在太大差异(出于安全原因)。在这两种情况下,数据都被包装到http post请求中,这是一个可读的东西。
So i think both solutions are equal from a security perspective.
所以我认为从安全角度来看,这两种解决方案是相同的
#3
0
As said above, JSON is fine to use going both ways, provided you are still applying the same validation as you would with any form input.
如上所述,只要您仍然使用与任何表单输入相同的验证,JSON就可以双向使用。
Personally, I love the ability to make AJAX calls and simply do:
就个人而言,我喜欢能够进行AJAX调用并且只做:
Return Json(myDataObject)
Then it's really easy to process that with jQuery on the client side as it's automatically transformed into javascript variables for you.
然后使用jQuery在客户端进行处理非常容易,因为它会自动转换为javascript变量。