|
|
AJAX Experts Tackle Security, Other Issues
|
05/12/2006, By Darryl K. Taft
|
A panel of experts broke down many of the key issues surrounding AJAX—including security, tooling, support for devices and, not a small question, what will Microsoft do—at the AJAX Experience conference here May 10.
A panel of 10 Asynchronous JavaScript and XML experts, including the two moderators, Dion Almaer and Ben Galbraith, who are co-founders of Ajaxian.com, which is helping to put on the conference, took questions from the audience for an hour.
Security ranked among the chief concerns among the audience, with some questioning whether reports that AJAX opens users to security problems are true.
Panelist Alex Russell, co-founder and project lead for The Dojo Toolkit, a popular AJAX framework, said, "It's worth noting that the fundamental problems with browser security and Web application security haven't changed in five years—most rely on a single root of trust, and AJAX doesn't change that. Wider spread use of cross-domain content distribution," which is not new with AJAX, is part of the issue. "The short version is still, Don't trust the client."
Brent Ashley, a consultant and scripting specialist who focuses on AJAX development, said there are some recent developments, such as a new JSONRequest proposal, that mitigate the cross-domain problem. "There are JSON [JavaScript Object Notation] requests that don't exchange cookies during the request. And [Adobe] Flex and ActionScript have a cross-domain file that says, 'These sites are allowed to cross-domain with me.' That gives some control back to the server side. So while there are issues now, here's a new set of constraints."
Read Complete News...
|
|
|
|
|
|
|
|
|
|
|
|
|
Special offer for AjaxImpact.com Visitors!!
Subscribe to Oracle Magazine for Free!
