Tooling Around With Ajax
Web 2.0 operations like social networking sites have amplified the popularity of through-the-browser applications relying on Ajax. There are lots of toolkits out there for making life easier for Ajax developers. Security, however, remains a concern.
Jun 29, 2008 4:00 AM PT
Social media and Web 2.0 allow Web pages to display pop-up windows and other interactive objects without having to refresh the screen. It's now the expected behavior. Without the Ajax toolkits, it would take developers much more time to code and fix errors.
"Ajax is incredible in using the rich user experience better than page-to-page navigation. Ajax caught on over other programming methods because it is so effective in creating the interactive response on the Web," Kevin Hakman, director of product marketing for software developer Aptana, told TechNewsWorld.
"It can move around the Web. That's why social networking sites are using it," said Hakman.
The explosion of social networks is not the only factor pushing the development of Ajax toolkits. New demands for toolkits accompany the growth of Ajax on servers.
"Ajax has now jumped over to the server side. Web developers and server programmers can now use the same language on both ends," Hakman said.
"Finally, the industry is going back to what the developers of Netscape envisioned. The original idea was to use the same thing on both ends. Back then, the industry wasn't ready for it. Now the industry is."
Ajax toolkits are abundant. There are probably a half dozen leading products plus another half dozen behind that, according to Hakman. They can mix and match features, and all of them are open source, accessible and liberally licensed, he noted.
TechNewsWorld assembled a list of some of the leading Ajax toolkits based on developer recommendations. The list below is not presented in any ranking order and is not representative of any endorsements.
License: Apache 2.0
Support: Use the search term "gwt support" in Google.
License: MIT and GPL
Support: Online forums, blogs
Support: Online community
Support: Mailing list and IRC
Support: Extensive support from Yahoo in forums and well-executed examples
The transition of Web pages from traditional HTML code to the more complex features Ajax brings is perhaps changing the definition of what a "site" really is. A so-called Web page is not really a page in the traditional sense anymore.
"You are downloading a program and running it in a Web browser that is supposed to confine what it does. This is leaky and is easy to hack," Brian Chess, founder and chief scientist for Fortify Software, told TechNewsWorld.
Cross-site scripting is one of the best-known examples of the security flaws that lurk in the technology upon which social networks often rely. This is a Web 1.0 trick that allows hackers to attack a vulnerability in the Web browser when visitors go to infected Web sites and view objects.
"There is great potential for cross platform attacks. But there is no great defensive mechanism because Ajax developers cannot help secure Web surfers' browsers," Chess explained.
Social networks' heavy reliance on Ajax can encourage hackers to attempt much more targeted attacks through sites like Facebook, according to Chess. For instance, hackers can unleash so-called spear phishing attacks against specific visitors to social networks, and they can more easily map out the network.
Essentially, the bad guys buy Ajax books to learn how to install attack methods such as key loggers throughout a social network.
"Today, Web surfers have a choice in avoiding social networks and their potential security risks. But soon they won't have any choice," Chess warned.