Certain vulnerabilities within Ajax applications can allow malicious hackers to wreak havoc with your applications. Identity theft, unprotected access to sensitive information, browser crashes, defacement of Web applications, and Denial of Service attacks are just a few of the potential disasters Ajax applications can be prone to and which developers need to guard against when building Ajax capabilities into their applications. Regular developerWorks author Judith Myerson suggests some application-strengthening tools, including Firefox tools and add-ons, which you can use to improve or solve security problems within your Ajax applications.
Due to browsers' prohibition on cross-domain XMLHTTP calls, all AJAX websites must have a server-side proxy to fetch content from external domains like Flickr or Digg. From the client-side JavaScript code, an XMLHTTP call goes to the server-side proxy hosted on the same domain, and then the proxy downloads the content from the external server and sends it back to the browser. In general, all AJAX websites on the Internet that are showing content from external domains are following this proxy approach, except for some rare ones that are using JSONP. Such a proxy gets a very large number of hits when a lot of components on the website are downloading content from external domains. So, it becomes a scalability issue when the proxy starts getting millions of hits. Moreover, a web page's overall load performance largely depends on the performance of the proxy as it delivers content to the page. In this article, we will take a look at how we can take a conventional AJAX Proxy and make it faster, asynchronous, continuously stream content, and thus make it more scalable.
I just got to announce the Google AJAX Libraries API which exists to make Ajax applications that use popular frameworks such as Prototype, Script.aculo.us, jQuery, Dojo, and MooTools faster and easier for developers.
Here are the points I consider important when we're talking about Ajax APIs in JavaScript (Ajax implies that but you'd be surprised how often a REST API is advertised as Ajax): Good documentation / Usage examples to copy + paste / Modularity / Link results to entries / Offer flexible input / Allow for custom object transportation / Cover usability basics
There are plenty of times when you want to see something closer, to get a good look at the texture of a sculpture, or find out if that's a reflection or a scratch on that used car you're looking at.
Seadragon, implemented as the Deep Zoom feature of Silverlight, allows you to do that. But what if you're not using the Silverlight platform? That's what Seadragon Ajax is for.
Seadragon Ajax, written from the ground up in JavaScript, gives you the ability to add a Deep Zoom viewer into your blog, web site, or even your eBay listing. Just like this
"RCP applications in a web browser
The Rich Ajax Platform lets you build rich, Ajax-enabled Web applications by using the Eclipse development model, plug-ins with the well known Eclipse workbench extension points and a widget toolkit with SWT API. Existing RCP applications can be run as Web applications with only minor changes.
SWT, JFace and Workbench API
RAP is very similar to Eclipse RCP, but it has an alternative implementation of the SWT API (called RWT) which renders the widgets remotely in a web browser. The RAP application runs on a servlet container and clients can access the application with standard web browsers."
Wasting server resources can impact the performance of Ajax applications, resulting in excessive HTTP requests, high memory consumption, and the need for an unusual amount of polling to make applications work. Regular developerWorks author Judith Myerson suggests some open source tools and Firefox add-ons you can use to improve or solve problems with your Ajax applications.
WebORB for PHP is a robust FREE and OPEN SOURCE multi-protocol development and runtime environment that is designed to effortlessly connect Flex, Flash, AJAX and Silverlight clients with PHP classes and data from relational databases via PHP backend.
WebORB for PHP
The goal of WebORB for PHP is to enable a new generation of web applications with enhanced UI capabilities, robust client-server communication, streamlined data synchronization, transaction services support and real-time messaging, all at a reasonable cost that delivers fast time to market.
Back in February, I reviewed the first half of Shawn M. Lauriat's "Advanced Ajax: Architecture and Best Practices" (Prentice Hall, 2008, 360p). The first four chapters of Lauriat's book, which focused almost exclusively on client-side technologies, impressed me considerably. But it's taken me several weeks to get through the remainder of the book, and there's one reason why: PHP.
"DataTables is a plug-in for the jQuery Javascript library. It is a highly flexible tool, based upon the foundations of progressive enhancement, which will add advanced interaction controls to any HTML table. Key features:
Variable length pagination
On-the-fly filtering
Multi-column sorting with data type detection
Smart handling of column widths
Display data from almost any data source
DOM, Javascript array, Ajax file and server-side processing (PHP, C#, Perl, Ruby, AIR, Gears etc)
Scrolling options for table viewport
Fully internationalisable
jQuery UI ThemeRoller support
Rock solid - backed by a suite of 2800 unit tests
Wide variety of plug-ins inc. Editor, TableTools, FixedColumns and more
It's free!
State saving
Hidden columns
Dynamic creation of tables
Ajax auto loading of data
Custom DOM positioning
Single column filtering
Alternative pagination types
Non-destructive DOM interaction
Sorting column(s) highlighting
Advanced data source options
Commercial support available
Fully accessible for screenreaders / keyboard access
Sensible file size: 68K minified, 20K gzip'd
Extensive plug-in support
Sorting, type detection, API functions, pagination and filtering
Fully themeable by CSS
Solid documentation
130+ pre-built examples"
qooxdoo is a comprehensive and innovative Ajax application framework. Leveraging object-oriented JavaScript allows developers to build impressive cross-browser applications. No HTML, CSS nor DOM knowledge is needed.
It includes a platform-independent dev
Prototype is a JavaScript Framework that aims to ease development of dynamic web applications.
Featuring a unique, easy-to-use toolkit for class-driven development and the nicest Ajax library around, Prototype is quickly becoming the codebase of choice for web application developers everywhere.
WebORB for PHP is a high-performing, multi-functional development and runtime environment that is FREE and Open Source and designed to effortlessly connect Flex, Flash, AJAX and Silverlight clients with PHP classes and data from relational databases via PHP backend. Some of the key benefits of using WebORB include ease of development, improved development workflow, reduced code base to write and manage, reduced development cost and faster time to market.
""Coming from desktop application development, I have found the IT Mill Toolkit [Vaadin] to be a lot of help in the transition to web application development. With the toolkit, writing AJAX enabled web applications is as easy as writing Swing based GUI code. It hides so many frustrating details, and handles browser independence so I don't have to worry about it. Using the toolkit makes it quite easy for me to write sophisticated web applications."
Bo Thorsen, Monty Program AB"
Autocomplete was one of the first Ajax patterns to come about. We often talk about how it looks, but the how it works part is what really matters. How smart is the algorithm to work out what you are completing against? How long do you go before you kick in to see a result? Does it narrow enough?
Google recently tested a new interface for search results. The test didn't include any new feature and Google even loaded the standard search results page to display the results. An important change in the new format was that Google didn't load a new page to display the results and browsers didn't send proper referrals when clicking on search results.