JSON – its advantages and disadvantages

JSON (JavaScript Object Notation) is a lightweight data-interchange format designed so that humans can easily read it and programs can easily process it.

The JSON format was originally specified and developed by Douglas Crockford and is described in RFC 4627. The JSON filename extension is .json.

JSON is based on the object notation of the JavaScript language and its standard. However, it does not require JavaScript to read or write it, because it is a text format that is language independent and can be used everywhere. JSON notation contains these basic elements, which are also used in JavaScript:

1. Objects: Objects begin and end with curly braces ({}).

2. Object Members: Members consist of strings and values separated by a colon (:). Members are separated by commas (,).

3. Arrays: Arrays begin and end with square brackets ([]) and contain different values. Values are separated by commas (,).

4. Values: A value can be a string, an object, an array, or the literals true, false or null.

5. Strings: Strings are surrounded by double quotes and contain Unicode characters or common backslash escapes.

JSON Example:

{
  "first_name": "Rajeev",
  "last_name": "Sharma",
  "email_address": "rajeev@ezeelive.com",
  "is_alive": true,
  "age": 30,
  "height_cm": 185.2,
  "billing_address": {
    "address": "502, Main Market, Evershine City, Evershine, Vasai East",
    "city": "Vasai Raod, Palghar",
    "state": "Maharashtra",
    "postal_code": "401208"
  },
  "shipping_address": {
    "address": "Ezeelive Technologies, A-4, Stattion Road, Oripada, Dahisar East",
    "city": "Mumbai",
    "state": "Maharashtra",
    "postal_code": "400058"
  },
  "phone_numbers": [
   {
   "type": "home",
   "number": "9975666694"
   },
   {
   "type": "office",
   "number": "9822117730"
   }
 ],
 "date_of_birth": null
}

Advantages of JSON:

1. JSON is Faster:

JSON syntax is very easy to use. We have to use only -> as a syntax, which gives us easy parsing and faster execution of the data. Because its syntax is small and lightweight, it executes the response faster.

2. Schema Support:

It has a wide range of browser compatibility across operating systems, so applications coded with JSON do not require much effort to make them compatible with all browsers. During development the developer has to think about the different browsers, but JSON provides that functionality.

3. Server Parsing:

On the server side, parsing is the important part for developers: only if parsing is fast on the server side can the user get a fast response to their request. Server-side parsing is therefore a strong point in favour of using JSON on the server side.

4. Tool for sharing data:

JSON is the best tool for sharing data of any size, even audio, video etc. This is because JSON stores the data in arrays, which makes data transfer easier. For this reason, JSON is a superior file format for web APIs and for web development.

Disadvantages of JSON:

First and foremost, JSON has no error handling for JSON calls. If the dynamic script insertion works, you get called and get the response perfectly.

If it is not inserted, nothing happens. It just fails silently. For example, you are not able to catch a 404 error from the server, nor can you cancel or restart the request. You can, however, time out after waiting a reasonable amount of time.

Another major drawback of JSON is that it can be quite dangerous if used with untrusted services or untrusted browsers. A JSON service returns a JSON response wrapped in a function call, which will be executed by the browser; if it is used with an untrusted browser it can be hacked, which makes the hosting web application vulnerable to a variety of attacks.

If you are going to use JSON services, it is very important to be aware of the threats JSON carries and of the measures that protect against them. JSON also has only limited tool support for use during development.

How to secure data and prevent JSON Vulnerability & Hijacking:

Preventing Cross Site Request Forgery (CSRF) with JSON

JSON is not as secure as we tend to think in the web world: a Cross Site Request Forgery (CSRF) attack using the JSON array hack allows an attacker to grab sensitive data from an unsuspecting user.

The risk is greatest when an exposed JSON service returns a JSON array containing sensitive data, responds to GET requests, and is requested by a browser that has JavaScript enabled and supports the __defineSetter__ method.

Having discussed the issue above, we will now discuss how to prevent a CSRF attack and secure sensitive data in the following points:

  1. Most important, every request must use the POST method, and your code must accept only POST requests.
     // dataObject is the payload to send, defined elsewhere on the page
     $.ajax({
        url: 'https://yourdomainname.com/login', // HTTPS, as point 3 requires
        dataType: 'json',
        data: JSON.stringify(dataObject),
        contentType: 'application/json; charset=utf-8',
        type: 'POST',
        success: function (jsonData) {
            // Success callback
        },
        error: function () {
            // Any error to be handled
        }
     });
    
  2. Add a unique CSRF token to each request to protect the application from cookie hijacking and bad requests.
  3. Always use a secure transfer protocol (HTTPS) for requests.
  4. Check for a special header such as X-Requested-With: XMLHttpRequest or Content-Type: application/json before serving the response to the request.
  5. Code testing tools such as Checkmarx, SonarQube and Burp Suite will help with application security.
  6. Maintain a user access log so that user activities can be checked.
  7. Use API and end-URL authentication to validate the current endpoint.
  8. Use token-based API access such as JSON Web Tokens (JWT).
  9. Implement error handling and do not provide any technical detail in the API call.
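
One way to enforce points 1, 2, 4 and 9 on the server before any JSON is served, as an added PHP example that is not part of the original article. The function name check_json_request() and the X-CSRF-Token header name are assumptions, and the sample requests are constructed.

```php
<?php
// Added example (not the article's code). check_json_request() and the
// X-CSRF-Token header name are assumptions made for this illustration.

// $server mirrors $_SERVER, $session mirrors $_SESSION.
// Returns array(HTTP status code, response body).
function check_json_request(array $server, array $session)
{
    // Point 9: every refusal carries the same generic body, no technical detail.
    $deny = array('status' => 0, 'msg' => 'An error occurred.');

    // Point 1: accept only POST, so GET-based loads such as <script src> are refused.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return array(405, $deny);
    }
    // Point 4: require headers that a cross-site form or <script> tag cannot set.
    $type = strtolower(trim(explode(';', $server['CONTENT_TYPE'] ?? '')[0]));
    $xhr  = $server['HTTP_X_REQUESTED_WITH'] ?? '';
    if ($type !== 'application/json' || $xhr !== 'XMLHttpRequest') {
        return array(400, $deny);
    }
    // Point 2: compare the per-session CSRF token in constant time.
    $sent     = $server['HTTP_X_CSRF_TOKEN'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
        return array(403, $deny);
    }
    return array(200, array('status' => 1));
}

// Constructed sample input: a token issued at login, then four requests.
$session = array('csrf_token' => bin2hex(random_bytes(32)));
$good = array(
    'REQUEST_METHOD'        => 'POST',
    'CONTENT_TYPE'          => 'application/json; charset=utf-8',
    'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest',
    'HTTP_X_CSRF_TOKEN'     => $session['csrf_token'],
);
$requests = array(
    'valid XHR POST'     => $good,
    'GET via script tag' => array('REQUEST_METHOD' => 'GET'),
    'forged form POST'   => array('REQUEST_METHOD' => 'POST', 'CONTENT_TYPE' => 'text/plain'),
    'missing CSRF token' => array_diff_key($good, array('HTTP_X_CSRF_TOKEN' => 1)),
);
foreach ($requests as $label => $server) {
    list($code, $body) = check_json_request($server, $session);
    echo $label, ' => ', $code, ' ', json_encode($body), "\n";
}
```

In a real endpoint the function would be called with $_SERVER and $_SESSION, and the returned status code passed to http_response_code() before the body is encoded.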

Example of JSON Web Service PHP with MySQL:

MySQL Database :

CREATE DATABASE IF NOT EXISTS `ezeelive_json_rest_tutes`;
USE `ezeelive_json_rest_tutes`;

--
-- Table structure for table `customer`
--

CREATE TABLE IF NOT EXISTS `customer` (
`customer_id` int(11) NOT NULL AUTO_INCREMENT,
`first_name` varchar(50) NOT NULL,
`last_name` varchar(50) NOT NULL,
`email_address` varchar(100) NOT NULL,
`password` varchar(100) NOT NULL,
`is_active` text NOT NULL,
PRIMARY KEY (`customer_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

INSERT INTO `customer` (`customer_id`, `first_name`, `last_name`, `email_address`, `password`, `is_active`) VALUES
(1, 'Rajeev', 'Sharma', 'rajeev@ezeelive.com', 'e10adc3949ba59abbe56e057f20f883e', 1),
(2, 'Nitin', 'Bhardwaj', 'nitin@ezeelive.com', '6d071901727aec1ba6d8e2497ef5b709', 0);

config.php

<?php
// Connect with mysqli; the old mysql_* extension was removed in PHP 7.
$conn = mysqli_connect("localhost", "root", "", "ezeelive_json_rest_tutes");

json_rest_customer_list.php

<?php
include_once('config.php');
$result = mysqli_query($conn, "SELECT customer_id, first_name, last_name, email_address, is_active FROM `customer` ORDER BY customer_id ASC;");
// mysqli_query() returns false on failure, so test the value itself rather than isset().
if ($result !== false)
{
    $data = array();
    while ($d = mysqli_fetch_assoc($result)) {
        // Copy only the selected columns instead of calling extract() on row data.
        $data[] = array("customer_id" => $d["customer_id"], "first_name" => $d["first_name"], "last_name" => $d["last_name"], "email_address" => $d["email_address"], "is_active" => $d["is_active"]);
    }
    $json = array("status" => 1, "info" => $data);
} else {
    // Generic message only; no database error detail reaches the client.
    $json = array("status" => 0, "msg" => "An error occurred.");
}
mysqli_close($conn);

// Output json header
header('Content-Type: application/json');
echo json_encode($json);

JSON Output:

{
  "status": 1,
  "info": [
    {
      "customer_id": "1",
      "first_name": "Rajeev",
      "last_name": "Sharma",
      "email_address": "rajeev@ezeelive.com",
      "is_active": "1"
    },
    {
      "customer_id": "2",
      "first_name": "Nitin",
      "last_name": "Bhardwaj",
      "email_address": "nitin@ezeelive.com",
      "is_active": "0"
    }
  ]
}

Conclusion:

As with the many technologies we have seen, we end with some good and some bad parts, and the same is true of JSON.

It also has its advantages and disadvantages: if you expect a quick and perfect response from the server then you can prefer it, and it has a wide range of schema support; but to use it the device should be on a trusted network, otherwise it can create a problem for yourself.

Publisher Name
Ezeelive Technologies
Comments (3)

  • Kenneth Kasajian

    Recently after having drunk the JSON Kool-Aid, I needed to create a configuration file for one of our applications. This is the kind of thing I would ordinarily use an .ini file or .xml. Having never been a fan of XML (like ever!) I thought, JSON would be a great choice for configuration files. Considering the fact it’s used that way by many programming tools, I figure that sounds like a reasonable choice.

    Well, I regret that decision. This specific configuration file has many places where the user would have to type in a file path. Now they have to type two backslashes for every backslash. Try explaining that to an end-user. Even those who regularly edit the Windows registry will wtf @ that one. And before you think this is a Windows-only issue, it’s not just backslash. According to the JSON spec, the forward-slash character also must be escaped with a backslash. It’s bad enough that JSON requires keys to be quoted when they don’t need to be, but the escaping of strings is just an unnecessary complexity for users.

    I realize the JSON fan-boys will say that if it’s too complicated for the use, then you should create a UI. I’m really not buying that argument. I can’t believe I’m saying this, but XML would have been a better option.

    November 21, 2014 at 6:08 pm
  • Shawn

    I’m not sure how the disadvantages are because of the json format? If you are saying that ajax calls can’t return errors or handle errors you are not correct.

    November 21, 2014 at 6:20 pm
  • Kenneth

    I don’t see the disadvantage really, basically the improper data handling is the problem and not an error. Try having zero fill or default and it will be gone.

    November 25, 2014 at 5:44 am
