OpManager: A single console to manage your complete IT infrastructure. Click here for a 30-day free trial.
Welcome Guest | Sign In
TechNewsWorld.com

Tooling Around With Ajax

Tooling Around With Ajax

Web 2.0 operations like social networking sites have amplified the popularity of through-the-browser applications relying on Ajax. There are lots of toolkits out there for making life easier for Ajax developers. Security, however, remains a concern.

By Jack M. Germain
06/29/08 4:00 AM PT

Social networks are peppering the Internet with Facebook-like interactive features. Ajax (Asynchronous JavaScript and XML) is fast becoming the defacto programming tool for Web developers. But by itself, Ajax is a daunting challenge that requires demanding coding skills.

Ajax toolkits offer Web developers a shortcut method to build in the convenient and useful features that visitors of Web 2.0 sites have come to expect. However, the toolkit concept is nothing new to programming. What's newer is the proliferation of JavaScript-based toolkits to feed the social network phenomenon.

Social media and Web 2.0 allow Web pages to display pop-up windows and other interactive objects without having to refresh the screen. It's now the expected behavior. Without the Ajax toolkits, it would take developers much more time to code and fix errors.

"Ajax and Asynchronous JavaScript are very complex. Ajax toolkits allow me as a developer to do cool things with a couple of quick commands," Evan Keller, director of Internet technology Visit the VMware Tech Center for Luckie & Company, told TechNewsWorld.

Ajax Primer

One major problem with Ajax being used on social networks is the ubiquitousness of the code. Tooling of Ajax has only started to see productivity gains. JavaScript is used by hundreds of millions of Web sites today.

"Ajax is incredible in using the rich user experience better than page-to-page navigation. Ajax caught on over other programming methods because it is so effective in creating the interactive response on the Web," Kevin Hakman, director of product marketing for software developer Aptana, told TechNewsWorld.

The impact of Ajax on the Web can be likened to the innovation FedEx created with its overnight letter service. People started to discover the power of JavaScript, he said.

"It can move around the Web. That's why social networking sites are using it," said Hakman.

Toolkit Expansion

The explosion of social networks is not the only factor pushing the development of Ajax toolkits. New demands for toolkits accompany the growth of Ajax on servers.

"Ajax has now jumped over to the server side. Web developers and server programmers can now use the same language on both ends," Hakman said.

"Finally, the industry is going back to what the developers of Netscape envisioned. The original idea was to use the same thing on both ends. Back then, the industry wasn't ready for it. Now the industry is."

Ajax toolkits are abundant. There are probably a half dozen leading products plus another half dozen behind that, according to Hakman. They can mix and match features, and all of them are open source, accessible and liberally licensed, he noted.

Toolkit Roundup

TechNewsWorld assembled a list of some of the leading Ajax toolkits based on developer recommendations. The list below is not presented in any ranking order and is not representative of any endorsements.

  • Google Web Toolkit 1.4: Considered as a standard, Google Web Toolkit (GWT) simplifies the process of writing high-performance Ajax applications. First, write the front end in the Java programming language. Then GWT compiles the source into highly optimized JavaScript.

    License: Apache 2.0

    Support: Use the search term "gwt support" in Google.

  • jQuery 1.2.3: jQuery is a speedy and concise JavaScript Library that makes it easy to create HTML documents, handle events, perform animations and add Ajax interactions to Web pages.

    License: MIT and GPL

    Support: Online forums, blogs

  • MooTools 1.11: MooTools is a compact, modular, object-oriented JavaScript framework designed for the intermediate to advanced JavaScript developer. Use it to write flexible, cross-browser code.

    License: MIT

    Support: Online community

  • Prototype 1.6: Prototype is fast becoming the toolkit of choice -- it's a JavaScript framework used to ease development of dynamic Web applications.

    License: MIT

    Support: Mailing list and IRC

  • Yahoo User Interface 2.5.0: YUI Library is a set of JavaScript utilities and controls used for building rich interactive Web applications with techniques such as DOM scripting, DHTML and Ajax.

    License: BSD

    Support: Extensive support from Yahoo in forums and well-executed examples

Potential Dangers

The transition of Web pages from traditional HTML code to the more complex features Ajax brings is perhaps changing the definition of what a "site" really is. A so-called Web page is not really a page in the traditional sense anymore.

"You are downloading a program and running it in a Web browser that is supposed to confine what it does. This is leaky and is easy to hack," Brian Chess, founder and chief scientist for Fortify Software, told TechNewsWorld.

Cross site scripting is one of the best-known examples of the security flaws that lurk in the technology upon which social networks often rely. This is a Web 1.0 trick that allows hackers to attack a vulnerability in the Web browser when visitors go to infected Web sites and view objects.

"There is great potential for cross platform attacks. But there is no great defensive mechanism because Ajax developers cannot help secure Web surfers' browsers," Chess explained.

Hacker's Friend

Social networks' heavy reliance on Ajax can encourage hackers to attempt much more targeted attacks through sites like Facebook, according to Chess. For instance, hackers can unleash so-called spear phishing attacks against specific visitors to social networks, and they can more easily map out the network.

Essentially, the bad guys buy Ajax books to learn how to install attack methods such as key loggers throughout a social network.

"Today, Web surfers have a choice in avoiding social networks and their potential security risks. But soon they won't have any choice," Chess warned.


Facebook Twitter LinkedIn Google+ RSS