AJAX Experts Tackle Security, Other Issues | CIO Insight
Innovation
SHARE
Facebook X Pinterest WhatsApp

AJAX Experts Tackle Security, Other Issues

Written By
Darryl K. Taft
Darryl K. Taft
May 11, 2006
2 minute read

SAN FRANCISCO—A panel of experts broke down many of the key issues surrounding AJAX—including security, tooling, support for devices and, not a small question, what will Microsoft do—at the AJAX Experience conference here May 10.

A panel of 10 Asynchronous JavaScript and XML experts, including the two moderators, Dion Almaer and Ben Galbraith, who are co-founders of Ajaxian.com, which is helping to put on the conference, took questions from the audience for an hour.

Security ranked among the chief concerns among the audience, with some questioning whether reports that AJAX opens users to security problems are true.

Panelist Alex Russell, co-founder and project lead for The Dojo Toolkit, a popular AJAX framework, said, “It’s worth noting that the fundamental problems with browser security and Web application security haven’t changed in five years—most rely on a single root of trust, and AJAX doesn’t change that. Wider spread use of cross-domain content distribution,” which is not new with AJAX, is part of the issue. “The short version is still, Don’t trust the client.”

AJAX has taken the developer world by storm, but it could be even more effective with the right browser capabilities. Click here to read more.

Brent Ashley, a consultant and scripting specialist who focuses on AJAX development, said there are some recent developments, such as a new JSONRequest proposal, that mitigate the cross-domain problem. “There are JSON [JavaScript Object Notation] requests that don’t exchange cookies during the request. And [Adobe] Flex and ActionScript have a cross-domain file that says, ‘These sites are allowed to cross-domain with me.’ That gives some control back to the server side. So while there are issues now, here’s a new set of constraints.”

When asked what tools they liked to use to do AJAX development, the panelists listed the programming editors often referred to as tools for “real men” programmers: Vi, Vim (also known as “Vi Improved”) and Emacs. However, after some prodding from Almaer, the group listed a few tools specific to AJAX-style development.

“For a while there was virtually nothing; now there are some interesting things,” said Glenn Vandenburg, an independent consultant and JavaScript expert. “I think we’re in an intermediary period where there’s a whole bunch of tools that give you 30 to 40 percent of what you need, but no tool that does most of the job.”

Read the full story on eWEEK.com: AJAX Experts Tackle Security, Other Issues
Darryl K. Taft
CIO Insight Logo

CIO Insight offers thought leadership and best practices in the IT security and management industry while providing expert recommendations on software solutions for IT leaders. It is the trusted resource for security professionals who need to maintain regulatory compliance for their teams and organizations. CIO Insight is an ideal website for IT decision makers, systems integrators and administrators, and IT managers to stay informed about emerging technologies, software developments and trends in the IT security and management industry.

facebook
linkedin
rss
x

Company

Contact us Advertise with us

Categories

IT Management IT Strategy News & Trends Blogs Case Studies Books for CIOs

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information