IETF Logo Mail Archive

Re: [Json] The names within an object SHOULD be unique.

Tatu Saloranta <tsaloranta@gmail.com> Thu, 06 June 2013 02:07 UTC

Return-Path: <tsaloranta@gmail.com>
X-Original-To: json@ietfa.amsl.com
Delivered-To: json@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EA2421F8A68 for <json@ietfa.amsl.com>; Wed, 5 Jun 2013 19:07:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.6
X-Spam-Level:
X-Spam-Status: No, score=0.6 tagged_above=-999 required=5 tests=[HTML_MESSAGE=0.001, J_CHICKENPOX_34=0.6, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O1QpiH-iheMs for <json@ietfa.amsl.com>; Wed, 5 Jun 2013 19:07:06 -0700 (PDT)
Received: from mail-ee0-x231.google.com (mail-ee0-x231.google.com [IPv6:2a00:1450:4013:c00::231]) by ietfa.amsl.com (Postfix) with ESMTP id B626E21F8A03 for <json@ietf.org>; Wed, 5 Jun 2013 19:07:05 -0700 (PDT)
Received: by mail-ee0-f49.google.com with SMTP id b57so858161eek.36 for <json@ietf.org>; Wed, 05 Jun 2013 19:07:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=ILJmnFGDMSvaVpiPdAAa6LBtc0H5xJqOaur6hzMVkDU=; b=jepAonl38UqT+l3gMRQjHhye41Hw+Tpi3hnOkRLh1ZOmSa0Nv96H/5cyTa9fj6VYce NOK2GEYx/RKs2lKy6mPa7v6640RiXoQbgX1TboVzWWN61ZXjbIqTfTnh4CHFrKHJRMCW MowK7dowuC2nhiBQ++h21K8e+nsOI3Kj+55+QWYI+EbvoJ+bUdxuLStG1SzfL7ZxdKEr IkQpjHJOu4JvWO9KlpLAHsvHjDGZYx7XZkb/60q+cm005QQg9U+gyKFItH1Ax77U3qs0 MgGysO8B/FmGalTYWmoDKH0hnBhs6JmZ3vlpa5oWzjNaf1QwM4P0wgMOHTeGThq1bGnn 6uhQ==
MIME-Version: 1.0
X-Received: by 10.180.86.38 with SMTP id m6mr8652581wiz.25.1370484424584; Wed, 05 Jun 2013 19:07:04 -0700 (PDT)
Received: by 10.227.97.6 with HTTP; Wed, 5 Jun 2013 19:07:04 -0700 (PDT)
In-Reply-To: <D0A99569-0915-4862-A7AE-9DE51C2E90C0@yahoo.com>
References: <51AF8479.5080002@crockford.com> <51AF9ACF.5020507@cisco.com> <D0A99569-0915-4862-A7AE-9DE51C2E90C0@yahoo.com>
Date: Wed, 05 Jun 2013 19:07:04 -0700
Message-ID: <CAGrxA247KvncfCs0K9spMZUR+Uki7M=r=Ly8X2pnpOOQ4bgtBA@mail.gmail.com>
From: Tatu Saloranta <tsaloranta@gmail.com>
To: Vinny A <jsontest@yahoo.com>
Content-Type: multipart/alternative; boundary="f46d044306424c359804de72c5e2"
Cc: Douglas Crockford <douglas@crockford.com>, Eliot Lear <lear@cisco.com>, "json@ietf.org" <json@ietf.org>
Subject: Re: [Json] The names within an object SHOULD be unique.
X-BeenThere: json@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "JavaScript Object Notation \(JSON\) WG mailing list" <json.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/json>, <mailto:json-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/json>
List-Post: <mailto:json@ietf.org>
List-Help: <mailto:json-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/json>, <mailto:json-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jun 2013 02:07:06 -0000

On Wed, Jun 5, 2013 at 1:59 PM, Vinny A <jsontest@yahoo.com> wrote:

>
> On Jun 5, 2013, at 2:30 PM, Stephan Beal <sgbeal@googlemail.com> wrote:
>
> It gives implementations leeway on what is essentially a corner case (who
> actively generates non-unique keys?). Forcing a specific behaviour here
> could potentially leave a lot of current 100% JSON-compliant parsers
> suddenly non-compliant because of [what i perceive as] an unusual corner
> case.
>
>
> If parsers are accepting duplicate keys, they're already non-compliant.
> RFC 4627 states that keys should be unique, and the org.json reference
> parser throws an exception when it hits a duplicate key (line 1186 in
> JSONObject).
>
>
Doing this is fine, but requiring verification is quite another thing. It
opens a new possibility for DoS attacks, if parser (tokenizer) has to
verify this invariant, as it must keep all seen names for all open objects
in memory. From user perspective this also seems like pure overhead; and
non-trivial amount as well, for fast data-binding maintaining hash set may
take as much time as data-binding.

-+ Tatu +-

v2.23.0 | Report a Bug | By Email