Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can I encrypt my JSON data?

I'm developing a JQuery web app that will be executed locally from a DVD. The app will read all the contents of a JSON file.

Is there a good way to encrypt or obfuscate the JSON content so that only the app can read it?

like image 842
Cris Avatar asked Jan 28 '13 20:01

Cris


People also ask

How do I protect a JSON file?

Use https to secure your responses. Or you can encrypt your JSON response from the server-side & then decrypt it into the browser using JavaScript. By using HTTPS to avoid sniffing the exchanges, and by using an authentication system.

Is JSON a good way to store data?

JSON is perfect for storing temporary data. For example, temporary data can be user-generated data, such as a submitted form on a website. JSON can also be used as a data format for any programming language to provide a high level of interoperability.

What are the disadvantages of JSON?

JSON isn't as robust a data structure as XML is. There is no ability to add comments or attribute tags to JSON, which limits your ability to annotate your data structures or add useful metadata. The lack of standardized schemas limits your ability to programmatically verify that your data is correct.

Is JSON data safe?

JSON alone is not much of a threat. After all, it's only a data-interchange format. The real security concerns with JSON arise in the way that it is used. If misused, JSON-based applications can become vulnerable to attacks such as JSON hijacking and JSON injection.


1 Answers

If all you want is to prevent them from copying and pasting into something else, you could store it in BSON instead of JSON. http://bsonspec.org/#/specification

Now that only OBFUSCATES it, and will not prevent a knowledgeable person from using it if they want to.

You could also encrypt it, but you still have a similar issue as you would be storing the decrypt key inside the javascript that loads the encrypted Json.

Anyone that really wants your data is going to be able to get it. Most browser have javascript debuggers that will let you extract, or view the data at runtime.

So it mostly comes down to how much effort you want to put into making your data difficult to get at. A significantly motivated person with get at your data no matter what you do.

like image 67
Austin Harris Avatar answered Sep 20 '22 17:09

Austin Harris