Oops, forgot to add the list.
---------- Forwarded message ----------
From: Ryan McIntosh <[email protected]>
Date: Mon, Jan 26, 2009 at 9:02 AM
Subject: Re: [Cherokee] Server Info handler
To: leonel <[email protected]>

Hi Guys,

It's fine to use application/json for security reasons, AFAIK, but it
isn't as adopted as text/x-json. Any security risk is still there, AFAIK.

As for security. Please don't write JSON servlets that release secure
info via GET. People can fetch it via script tags.

http://directwebremoting.org/blog/joe/2007/03/05/json_is_not_as_safe_as_people_think_it_is.html

Also, even if you're using POST for exchange of secure info via JSON,
please use some sort of short lifetime key exchange mechanism to
authenticate clients.

Ryan

On Sun, Jan 25, 2009 at 8:21 PM, leonel <[email protected]> wrote:
> Alvaro Lopez Ortega wrote:
>> On 25-ene-09, at 16:27, Oli Warner wrote:
>>
>>> To add to your list: text/x-json and application/jsonrequest
>>>
>>> I've no idea which is right (application/json *should* be but I've
>>> seen things saying not to use it for security reasons) but I've asked
>>> the smart folks at StackOverflow:
>>> http://stackoverflow.com/questions/477816/the-right-json-content-type
>>
>> Good idea! Thanks for posting the question. :)
>>
>>> Hopefully somebody will have a definitive answer.
>>
>> So far, replies say to use "application/json", that is exactly what
>> we're doing.
>>
>> Has someone else suffered the same problem?
>> It works fine in FF, WebKit, Safari and Opera at my side.
>>
>>> On Sun, 2009-01-25 at 16:06 +0100, Alvaro Lopez Ortega wrote:
>>>>
>>>> Open question: What's the right MIME type for that reply (a JSON web
>>>> service)? "application/x-javascript", "text/javascript",
>>>> "application/json"?
>>
>> --
>> Octality
>> http://www.octality.com/
>>
>
> Checking the config I saw a /about on the default virtual server
> and that /about works fine
>
> If I set up a new, let's say, /info with Server Info Handler the
> /about works fine but with the /info Firefox does not know what to do
> then I've tested the /info/ with IE7, Firefox 3.0.5 and Safari on
> Windows and same results as Firefox on Linux
>
> Regards
>
> Leonel
>
> _______________________________________________
> Cherokee mailing list
> [email protected]
> http://lists.octality.com/listinfo/cherokee
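
The two recommendations in Ryan's message above (no sensitive JSON over GET, and a short-lifetime key for clients on POST), as an added Python example that is not part of the original thread or of Cherokee. The names `issue_token`, `verify_token`, `handle_secret_json`, the `X-Auth-Token` header, the 60-second lifetime and the use of an HMAC-signed expiring token as the "short lifetime key" are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: per-process secret; a deployment would load it from protected configuration.
SECRET = secrets.token_bytes(32)
TOKEN_LIFETIME = 60  # seconds; constructed value for this example


def _mac(session_id: str, expiry: int) -> str:
    """HMAC-SHA256 over the session id and the expiry time."""
    msg = f"{session_id}.{expiry}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, now: int) -> str:
    """Return '<expiry>.<hmac>' bound to one session (hypothetical helper)."""
    expiry = now + TOKEN_LIFETIME
    return f"{expiry}.{_mac(session_id, expiry)}"


def verify_token(session_id: str, token: str, now: int) -> bool:
    """Accept only an unexpired token whose MAC matches this session."""
    expiry, sep, mac = (token or "").partition(".")
    if not sep or not (expiry.isascii() and expiry.isdigit()):
        return False
    if int(expiry) < now:
        return False
    expected = _mac(session_id, int(expiry))
    # Compare as bytes in constant time; bytes avoid errors on non-ASCII input.
    return hmac.compare_digest(mac.encode(), expected.encode())


def handle_secret_json(method: str, session_id: str, headers: dict, now: int):
    """Return (status, response_headers, body) for a sensitive JSON resource."""
    # A <script src=...> tag can only issue GET, so GET never returns the data.
    if method != "POST":
        return 405, {"Allow": "POST"}, ""
    # The header name X-Auth-Token is an assumption made for this example.
    if not verify_token(session_id, headers.get("X-Auth-Token", ""), now):
        return 403, {}, ""
    body = json.dumps({"account": "constructed-sample", "balance": 42})
    resp_headers = {"Content-Type": "application/json", "Cache-Control": "no-store"}
    return 200, resp_headers, body
```
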
