Question

what is JSON and why we use it, what the threats are and how we mitigate against them, how PHP sanitises the data, how MySQL save the data and how data gets from the server onto the web page.

Answer 1

what is JSON and why we use it

Ans:-

1. JSON stands for JavaScript Object Notation.
2. JSON is basically a data-interchange format.
3. JSON is used to store and exchange data like exchanging data between browser and server
4. It is in text format.
5. this text can be converted into javascript Object.
6. Like an Object JSON contains key and values separated using colon ':' and  two key-value pair is separated by a comma ','

what the threats are and how we mitigate against them

JSON is vulnerable to content-level attack.

JSON injection: In this, the attacker writes unvalidated data into JSON like SQL code which when parsed can cause a change in the JSON file. This can be of two types server:-

• server-side
• client-side

this can be prevented by sanitising the data both server-side and client-side

how PHP sanitises the data

Data Sanitizing is an important process. what data Sanitizing basically does is check for the illegal character and removes any illegal character from data. We need to sanitise the data before it runs and later causes problems.

php has a list of various Sanitize filters to sanitises the data like :

• FILTER_SANITIZE_EMAIL Remove all characters except letters, digits and !#$%&'*+-=?^_`{|}~@.[].
• FILTER_SANITIZE_ENCODED URL-encode string, optionally strip or encode special characters.
• FILTER_SANITIZE_NUMBER_INT Remove all characters except digits, plus and minus sign.
• FILTER_SANITIZE_NUMBER_FLOAT Remove all characters except digits, +- and optionally .

how MySQL save the data

SQL server has data file and log file, data file is of two types primary and secondary.

SQL database can have many data or log file but a single primary data file.

primary data file is initial data file and points to other data files.

Disk allocated for storing data file is divided into pages. Pages are basic storage unit in sql server. a page is of 8 kb size.

how data gets from the server onto the web page.

Basically a request is sent to the server by the browser. Then server can either accept the request or reject it depends on various conditions. If the browser accepts the request then browser send back a response to the browser and after that start sending files of the website to the browser. The files are send in the form of packets which are reassembeled at the client side by the browser and then displayed.