
Do you mean Java in the browser? If so, what do you think is happening when your JavaScript code hits your server's REST code returning JSON?


The primary difference is that JSON isn't considered executable-- at least not by any Java JSON libraries that I've seen; it's just data.

(Yes, non-executable data can still deliver a malicious payload, e.g. http://technet.microsoft.com/en-us/security/bulletin/ms04-02.... It's just much less common-- presumably because it's a much smaller attack surface.)


You forget the time when JSON was usually called with exec...

But mostly it is buffer overflow bugs that get you now.


What do you think is happening? Browsers don't use Java to parse/encode JSON... JSON is a JavaScript facility.



