Title and summary	Date/time
1	How to Protect a JSON or Javascript Service There have been lots of explanations recently of the dangers of JSON or JavaScript remoting. This post is about what you can do to protect your scripts. The Problem The issues have been explained before, so I'm going to assume some knowledge of the p...	04-Apr-2007
2	JSON is not as safe as people think it is, part 2 Yesterday, I blogged about how to steal data from JSON by overriding the Array constructor. Today, we break into Objects too. Mark Goodwin submitted a non-deprecated syntax that uses the __defineSetter__ feature, which was a good start (Aside: does an...	06-Mar-2007
3	JSON is not as safe as people think it is I saw some discussion recently about using JSON for secured data, and I'm not sure that everyone understands the risks. I believe that JSON is unsafe for anything but public data unless you are using unpredictable URLs. There are 2 problems. CSRF (Cr...	05-Mar-2007
4	JSON and RAP JSON-RPC: There are 'quite a few' Ajax frameworks in nearly the same way that there are 'quite a few' stars in the sky, however not many that do the same sort of thing as DWR. From what I've seen the biggest competitor DWR has is JSON-RPC, which ha...	28-Mar-2006