Even with all the flaws that we will find in an Ajax based website, there are security measures that we could do to ensure security in our website.

Before we go to different security measures, let us first note one of the biggest problems in an Ajax based website and application: Source Code Availability. Some call it “Overly Granular Server API” referring to the API built from the server which provides little to nothing in terms of security.

Almost every hack that I have seen related to Ajax stems from this security flaw. In simple words, the biggest problem in Ajax is the availability of source code even to regular users.

Developers who follow this practice do this thinking that the code will eventually help regular users in browsing the website. Take for example an Ajax based shopping cart. Instead of having to go through different pages in security and setting up parameters, developers will just place everything in a single page. That exact page will hasten the process of regular user’s shopping. When this process is used, developers have achieved the purpose of the coding it that way.

However, they pay the price of showing the source code of the website. If they are hoping that no one will notice this and use it for bad intentions, they are definitely wrong. The source code is essentially the key to every hack in an Ajax based website. The easier hackers get their hands to the source code, the faster they could attack the system. A source code in an online store is a sitting duck for hackers. They could easily bypass the admin and change the security settings and even the prices so they could easily shop online without any problem – or payment.

To counter this problem, we pose two different security measures:

The first security measure is the way we build our website. We go back to the shopping cart where the price is presented to the online shopper. Hackers could easily see the source code and change the parameters. Instead of presenting the price altogether, it’s always a better practice to divide the information in every page. With that practice you should be able to set specific parameters in every page. That way, every time a new page loads, it should be able to detect changes in any part of the system. Hackers would have to change everything in your website just to hack the price and before they could do that, you already detected the attacks and prevent them.

If ever you will be forced to place the entire transaction in a single page, you should opt for a secured coding practice. Our usual practice is to place comments within the code so that other developers will easily understand the process even though you are not there to explain. Doing that in the source code means suicide when it comes to security. Instead of placing comments right in the website, build another copy of the code with the comments. Although it does not provide that much of a protection, a comment-less web program can help with the website’s security.

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

Posted by MixedSoup | No Comments »

Introduction

One of the major concerns of information technology (IT) in the present historical moment is making the Web and web applications as efficient as possible. This insures a business’ competitive edge in this era where operating systems and applications are increasingly accessed and/or stored on the Internet. Web applications that can function on a variety of platforms or in a variety of contexts have been difficult to attain. Third-party protocols like Flash or Java’s “applets” have tried to bring more dynamism and user-friendly interactivity to web applications.
Other limitations of using web applications are the frustration and workflow interruptions that come from page-loading delays. However, the technologies encompassed in Ajax (Asynchronous JavaScript and XML) try to enable web applications so they can function quickly and efficiently in a variety of contexts without this lag time.
This article will describe the major technological components of Ajax. A brief outline of these will set the stage for understanding how they work together to enact Ajax methods that make web applications so much more competent and interoperable. Finally, this article will discuss some of the major advantages in the Ajax approach.

Background

Ajax is a form of web development. Jesse James Garret coined the term in 2005. Ajax is not an object, but rather a practice- the working together of several pre-existing technologies. The following are the component technologies that comprise Ajax. XHTML (Extensible Hypertext Markup Language) and CSS (Cascading Style Sheets style web pages and standardize formats for consistent information-sharing over the web. The DOM (Document Object Model) is accessed with a client-side scripting language, like JavaScript.
This allows for information to be presented dynamically and in a manner that allows interaction. XMLHttpRequest objects enable asynchronous data exchange with web servers. XML (Extensible Markup Language) provides the format for transmitting data between server and client. The most important detail for formatting data in Ajax is server-side scripting. Server-side scripting allows user requests to be processed by running the script directly on the server to make dynamic and interactive HTML (Hypertext Markup Language) web pages. It is used to format and present the interface between a web page and a database.
However, Ajax is not a new thing. The technologies that make it up have been around for a while and offer tested and trusted solutions.

Uses

Ajax’s primary contribution to web pages is user-experience improvement. Web pages usually require several applications to function. This can make it seem like a cumbersome operation where users have to wait for the separate applications to refresh before interacting with the complete page. Decreasing user delay, which is a direct result of Ajax techniques, could make the Internet even more popular and pervasive than it already is.
Another advantage of Ajax is a decrease in bandwidth use. Bandwidth in web hosting refers to the amount of data that can be communicated between user and server/website. In Ajax, bandwidth is used only to accomplish specific demands without requiring that the page be re-loaded (which requires bandwidth, every time a request is made. Contents are loaded on demand and HTML is produced locally from the browser. Ajax also allows programmers to separate methods and formatting for specific information delivery functions on the Web.
Programmers can use whatever languages or formats work for their specific goal. For example, raw data, usually obtained in XML from a server-side database is separated from the format or structure of the webpage, which is usually structured in XHTML. This allows for dynamic handling of DOM. CSS use allows for the separating of style elements on the page, like fonts and picture placement. Ajax also separates the functionality of web pages by combining different elements in different ways. For example, JavaScript on the client-side browser is combined with XMLHttp to enable communication between client and server browsers. Then any server-side program or scripting language allows the programmer to quickly respond to client requests in a language and format they are familiar with.

Points of Interest

However, one of the major advantages of Ajax and, indeed, a major trend in other forms of computer programming, is that it is based on open standards. Open standards are supported by a variety of browsers and platforms, giving programmers the accessibility and flexibility to use what they need across browsers.

Posted by MixedSoup | No Comments »

Cross Site Script or XSS is one of the popular methods for attacking not only to Ajax based websites but almost any other website that accepts user inputs. Even before Ajax was conceptualized, this attack was already practiced by different hackers. There was one hack that was used in 2005 wherein MySpace.com was targeted. It uses a simple JavaScript function that could be embedded in user’s website and others. Once they view the webpage, the “My Hero” link is changed to the name of the hacker. It is practically a pyramid hack since anyone who sees the profile became the host of the hack. The code was actually posted by the builder of the hack in possible reparation for what he did. It is just a simple JavaScript that could be embedded in any website. It just does not hack any information, it practically takes over every function it wants to.

Here are some practices that will prevent future attacks using XSS.

1. Filtering Input

One of the main reasons why some of the websites experience this type of attack is that it does not screen anything that comes from outside sources. You may notice that YouTube and other blogging sites limit the functions to simple HTML tags such as bold, italic and even simple changes and animations. Sometimes there are sites that allow JavaScript functions to be part of the posting. Once this is admitted, everything could be taken over by attacker. Although the attacker may need to create another function to be able to completely control the program, all they need are simple functions that could access and extract different information from users. When you are able to filter inputs, you practically won’t allow anyone to post outside the allowed tags.

2. Disabling Functions

This security measures has its pros and cons. Its most obvious advantage is that it does not allow anything outside what you have specified. You can disable any functions related to JavaScript, Flash, Java or any other functions from performing anything in your program. However its disadvantage comes from the fact that you cannot possibly run anything yourself when you are preventing it from happening. If you are just running a simple forum then there is no problem about the site disabling other functions. However, when you are talking about user generated videos or music and codes; you will be crippling your own operation.

3. Convert Incoming Functions to HTML

If you cannot live with the incoming functions, here is a simple trick: convert all incoming tags and posts to HTML. Every JavaScript functionality has an HTML counterpart so there is a great probability that each function will work but not as an intrusive script but a helpful function as it is rendered in HTML. If the attack is not cloaked and comes in as an intrusion straight up, it will not be able to function at all. Here are some websites that actually provides a code on how to convert a function to HTML:

1. http://hp.jpsband.org/
2. http://daringfireball.net/projects/markdown/
3. http://textism.com/tools/textile/

Among the three, the last one is a perfect solution to any JavaScript function. If the library could be properly installed, it will work seamlessly without any concern of attacks.

Posted by MixedSoup | No Comments »

Introduction

Ajax is the acronym for Asynchronous JavaScript and XML. It incorporates a suite of technologies aimed at improving user experience with web pages. It also allows programs written in different programming languages on different browsers to communicate with each other. Translation, communication and function between web applications happens remotely and, ideally, instantaneously. Another primary aim of Ajax is to reduce user delay when interacting with web pages. Ajax frameworks and technological components allow web applications to function on an as-need basis without requiring the re-loading of the entire web page.
Therefore, updates and functions don’t’ require human interaction nor does the user have to wait while requests are being processed. Ajax, ultimately, aims to produce Rich Internet Applications (RIAs). It allows web content to be re-loaded incrementally without changing web content. This single page interface increases user interactivity.
When Ajax became consolidated as a technique in 2005, it did so around much media hype. This article will describe Ajax methodologies that created that hype and outline some Ajax disadvantages.

Background and Components

Jesse James Garret defined in a 2005 article entitled “Ajax: A New Approach to Web Applications.” Its programming style incorporated a variety of open web standards. Open web standards are useful because they encourage application competitiveness and interoperability. This is good news for the user because it means that the most customized solution will be found for users’ needs.
Ajax functions through the collaboration of various technologies. A familiarity with the basic building blocks of Ajax will help in any discussion of its disadvantages. Ajax uses a combination of XHTML (Extensible Hypertext Markup Language), CSS (Cascading Style Sheets), JavaScript, and XML. XHTML provides a standardized markup language for web pages. It allows for designers to customize tags for the communication of data and the execution of requests between applications. In the case of Ajax, this occurs remotely through a web browser.
CSS enables web page styling and formatting. JavaScript is supported by both Microsoft and Netscape browser making it useful across many platforms and operating systems. It provides a standardized scripting language that is particularly useful for web programming development because it is easier and faster to write. XML formats transferred data between the client and server making it easily readable between the two. These files are dynamically generated through server-side scripting.

Disadvantages

When Ajax emerged as a methodology, it did so around considerable media hype. Ajax was positioned to revolutionize web development in the same way the “dot.com” boom did in the early 90’s. However, Ajax is often seen as just the re-using of existing technologies that programmers were using anyway. Also, some of the interfaces, while providing the convenience of a single page, were confusing and difficult to navigate. Another glitch in Ajax occurs because of limitations in browser integration. Ajax creates dynamic web pages, tailored to user specifications.
However, because the data and format in these pages needs to be so specific, the web page cannot connect with the browser history engine. This results in inconveniences and delays in searching. For example, because of this lack in browser integration, clicking on “back” to return to a previous page or search might not be allowed on a user’s browser. Dynamic web page updates, which are part and parcel of Ajax technology, also make bookmarking difficult. Because web pages are automatically updated, when a user returns to a page it might not contain the desired information. Another concern when using Ajax is respond time lag.
There might be a lag, for example, when the web page interface loads because of pre-loaded data and having to handle request objects properly. Visually, this could mean that different segments of the page interface are loaded at different times, creating confusion. When using Ajax, websites must also to take care to link their information to a public URL because some search engines aren’t equipped for Ajax. This stems from another Ajax disadvantage. Ajax reliance on JavaScript, which isn’t used by some search engines, means that web sites constructed through Ajax will require testing on several browsers for compatibility. This is because JavaScript can be installed differently on different browsers. Its ability for customization can also make it incompatible with other browsers.

Search for Solutions

However, in keeping with Ajax’s spirit of innovation, many solutions to these problems have been implemented. For example, using invisible IFRAMES allows the retrieval of history data. URL fragment identifiers let users bookmark and return to a particular state of an application. It also supports back-button functions. Microsoft’s development of Ajax Extensions includes an Update Progress function that lets the user know a page is being updated. This reduces user confusion in lag time. Ajax products continue to reconfigure themselves and re-combine with newer technologies to improve web user experiences.

Posted by MixedSoup | No Comments »

In a simple HTML website, developers will always have the luxury of keeping sensitive information to themselves. When you log in to the admin page of the website, the information that you see is solely for those who have proper authorization. Without username and password, hackers will have a really hard time figuring out how to access the information based on what they can extract from the webpage.

On the other hand, an Ajax based website does not have the same luxury. When an Ajax based website performs a function, it is not just the server the sees the source code, everyone will have the ability to see the information. With the source code, hackers can easily go further and go right directly to the server. That even goes to the information that can only be accessed by web administrator. Even without the admin username and password, hackers could easily bypass this authorization requirement and go directly to the information found in the server.

This usually happens when you translate HTML to an Ajax-based website or “Ajaxifying” the webpage. You have to remember an HTML based website is remarkably different compared to an Ajax based website. That means the administrative functions in HTML will not perform like in Ajax. As we have said the source code and basically most of the functions in Ajax is available to the user. Even though they do not have the faint idea of what the user name and password is. So imagine the things they should be able to access – user statistics, personal information and of course credit card information, the hackers favorite information.

If you are thinking what I am thinking, my initial reaction to this problem would be to keep the information hidden by placing the functions and information I am about to access in a non-shared folder. That seemed reasonable since a non-shared folder cannot be accessed by anyone. But I was wrong, way wrong. You see, the non-shared folder is placed in the server which is the exactly the same place hackers are accessing. Do not think that if you keep the folder in an obscure location will keep the hackers from accessing sensitive information. You are just buying time and more often than not, it will never protect any information at all.

So what can you do? Fortunately, there is something that you can do to ensure you that some of these functions cannot be accessed. Each of the function should have an authorization before it could be modified or accessed. It is going to be challenge especially when you have so many functions to deal with. Remember there are so many things that you have to reconfigure that it is going to be really hard to built an authorization one by one. But this is very important considering the vulnerability of your Ajax based website.

The solution to your problem is a very simple but very tiresome. But that is the only price that you have pay if you wanted to create a secure website. Always remember that an HTML does not have the same authorization capacity with an Ajax based website.

Posted by MixedSoup | No Comments »

Introduction

In a recent article, reporter and web developer Sean Michael Kerner declared “The AJAX World Belongs to Google”. This article refers to the dominance of Ajax in Google’s web applications and how Google’s continued incorporation of Ajax techniques is bringing Ajax to the mainstream.

Ajax is an acronym for “Asynchronous JavaScript and XML”. By collaborating the functions of various pre-existing technologies, Ajax improves user experience of the Web and makes programming more translatable and interoperational. Ajax uses HXTML (Hypertext Markup Language), CSS (Cascading Style Sheets), JavaScript, and sever-sided scripts like XML. The collaboration of these technologies makes web pages more responsive, interactive and usable. It is important to understand that Ajax does not refer to a discrete product, but rather a technique for web development using the aforementioned technological components.

Google, on the other hand, is the trademark for the most popular web search engine in the world. By scanning web pages for search input by the user, Goggle presents results sorted according to quality, relevance and traffic. Google’s popularity is produced in part through it’s efficient search algorithm and its extensive networking of low-cost PCs. The PageRank feature in Google sorts web pages by using a huge link structure that determines the value of a web page requested by a user query. This link structure sees how many other pages have been linked to a particular page to determine its importance. Google also takes into consideration web page quality when ranking web pages in a search. All elements of the web page are examined in a Google search to insure that it relates as directly as possible to the query.

This article will discuss the development and benefits of Ajax in Google. It will explain Google’s incorporation of Ajax technology by describing why Ajax techniques work so well for the Google search engine.

Background

A brief history of Goggle and Ajax technology will help put the attraction between the two in a historical and developmental, as well as technological, context.

Google was founded in 1998 by two Stanford University graduate students, Larry Page and Sergey Brin. The primary contribution of the Google search engine was, as previously mentioned, PageRank. However, there were several other advantages. Google increases the probability of relevant results because of the sheer volume of its index. Its index contains billions of URLs (Uniform Resource Locator) that provide web page addresses. Google makes sure that search terms appear in the web page it brings up further reducing irrelevant results.

Google also searches the web for previous incarnations of web pages and pulls them up if current versions are unavailable. Google continued global dominance by developing regional versions of Google in 2004. It also included new search options for more effective web searches. For example, Google introduced options for image searches, news searches, and comparison-shopping searches. Some of these more popular features are called Froogle (for comparison-shopping), Google Maps (for directions and maps), Gmail (a web-based e-mail service increasing in popularity), Google Answers (where questions are answered based on a bidding system), and AdWords and Adsense (advertising services for advertisers and web publishers.

Ajax is the collaboration of techniques that increase web page usability. The term was coined in 2005 by Jesse James Garett. It quickly became the buzzword in web page development. It supports several interactions that signal innovations in web use. For example, Ajax can create single page web applications that function similarly to desktop applications. Ajax allows form data to be completed and validated automatically. Ajax allows web pages to update data automatically and load it based on demand without having to refresh or re-load. Ajax allows mashups that means users can mix content from third-party applications with their own to further customize results.

As demonstrated by the previous discussion Ajax technologies dovetail nicely with Goggle demands.

Uses

Google’s interventions rely on improved web development and programming. This is right where Ajax fits in. One of the strengths in using Ajax technologies in Google products are that these technologies already exist and are tested and trusted by web developers. Support is already included in most web browsers and these technologies are widely available. This use of already existing Ajax technologies used by Google keeps Google at the forefront of web development as other companies try to develop new technologies and lag behind as a result. Similarly, these tried and true technologies are powerful enough to support Google user volume.

Points of Interest

However, Google reliance on Ajax threatens other attempts at improving web applications. Other attempts to create powerful and scalable web applications are made irrelevant if, as Google suggests, the technology for accomplishing most goals already exists. For example, reduced demand for other technologies like Macromedia’s Flash and Flex and Sun Microsystems’s Java-based applications will preclude further innovations or render them a waste of time and money.

Posted by MixedSoup | No Comments »

One of Ajax’s most important code functions is the XMLHttpRequest. Without this code, it’s almost impossible for an Ajax based program to run smoothly. Although we can find alternate coding for XMLHttpRequest, this code alone could save us hours of coding when we do it the other way. XMLHttpRequest could command JavaScript to POST, GET and other important HTTP commands especially when the program is being built as an online, browser-based application.

On the other hand, XMLHttpRequest is one of the biggest reasons why Ajax is very vulnerable to hackers. XMLHttpRequest could be used to fetch information from other websites. Not only can the programmer do this, but when the web application needs user content, everyone can practically command XMLHttpRequest to fetch information from other websites. Hackers can pinpoint the Ajax based website to a malicious site that can hack their information. Another problem when using XMLHttpRequest to access other sites is that it opens itself to other sites. In order for the XMLHttpRequest to access other sites, it too, must be open to access other websites. It’s practically an opened gate for hackers to enter.

That’s why developers have developed a firewall around XMLHttpRequest so that it will not access websites other than the server. But that will greatly limit the XMLHttpRequest’s function in the first place. Developers have to think of a way to outsmart the XMLHttpRequest while maintaining the program.

There is actually one solution to this problem: create proxies for XMLHttpRequest. That way, XMLHttpRequest will have the same firewall settings because the code will think that it came from the same server. Although there’s only one solution, there are three ways of doing it:

1. Application Proxies: this program is not written so that it can be used by other applications. You have to develop a program that will be launched right inside the server. Whenever the Ajax based application runs the XMLHttpRequest, the application will generate a proxy so that it will cover up the actual IP address of the website. This is a very simple application but when you’re dealing with a lot of programs at the same time, it’s better to build an application proxy for each application to ensure faster processing.

2. Apache Proxy: Instead of building an application, you can go directly to the server and make some changes Apache server configuration. You should be able to fool XMLHttpRequest by rerouting XMLHttpRequest invisibly. You should be able to reroute XMLHttpRequest to another web server domain easily. The files that you should access and change are httpd.conf and mod_proxy. The bad side about this is that it’s very dangerous to change this especially when you’re using shared hosting services.

3. Hacking the Script Tag with Application Proxy: the first version of requires the developer to build a program inside the server. On this case, we develop another application proxy but instead of developing the program in the server, you could also build a program to automatically reconfigure the Script Tag so that it will not detect a different IP address.

Posted by MixedSoup | No Comments »

Introduction

Ajax is currently one of the major forces in web development. It’s an acronym for Asynchronous JavaScript and XML. It describes a set of technologies that work together with JavaScript to create more dynamic and interactive web applications. It is not a specific product, but its strategy is currently being incorporated in much product development. Through Ajax, web applications behave more like desktop applications, which, in turn, produce a richer for the user. Ajax reduces web page loading time through an improved system of data retrieval and formatting.

It allows for partial data retrieval and validation in real-time so that it isn’t necessary to reload entire web pages every time a user adds information or requests. This increases speed and interactivity. Its incorporation by such colossal search engines as Google have redefined user experience on the Web.

Open standards enable Ajax and, indeed, are integral to its technology. Open standards facilitate communication between hardware and software through a set of standardized specifications that increase interoperation across platforms, programming languages, interfaces, data formats, and communication protocols. They are developed through industry collaboration. They are also platform independent and vendor neutral making them radically democratic. Everyone and anyone can have access to them and they should be included in product development to insure wide product usability.
This article will outline Ajax components and how the development of open standards has contributed to Ajax goals.

Background

Any discussion of open standards as they relate to Ajax must begin with a brief discussion of W3C (World Wide Web Consortium). This organization is the primary organ for web development discussion and industry standards. Tim Berners-Lee founded W3C in 1994 after he invented the World Wide Web in 1989. The general purpose of this organization was to encourage industry consensus around web technologies. The primary goal of the W3C is interoperability. Interoperability is achieved by insuring that web technologies are compatible with each other and that any hardware or software used to access the web work together.

This requires the development of web protocol and programming languages standards that are intelligible across systems and collaborate towards web development and expansion. W3C publishes its standards and guidelines to further a democratic environment for web development. For example, it publishes its open (non-ownership, non-proprietary) standards for web protocols and languages without corporate consideration. No method or product is favored. The primary focus remains interoperability and web improvement.

The term Ajax was coined in 1995 by Jesse James Garrett. It provided a layer of technology between the server and the browser that increased web application responsiveness. This layer of technology is encoded in JavaScript and includes XHTML (Extensible Hypertext Markup Language) and CSS (Cascading Style Sheets). These define the presentation of the interface. XML communicates data interchanges. Asynchronous data retrieval is enabled through XMLHttpRequest objects. This engine communicates with the server through user-input and allows the user to interact with the application independent of communication with the server, asynchronously. This increases usability by not requiring the user to wait while the server communicates with the browser.

For the interoperability required by Ajax, elements of the technology had to be regulated by open standards.

W3C’s Open Standards Develop into Ajax

To understand how W3C has enabled Ajax methods it is important to further trace W3C contributions to web development. It is also important to remember that Ajax components are not new technology, but technologies that have been around since the mid-90s, which coincided with many of W3C’s open standards specifications. For example, in 1996 W3C published CSS Level 1 and in 1998, they published Level 2. These standards were developed for styling web pages. They provide mechanisms for features such as fonts, spacing, picture placement, color and general style elements of web page interfaces.

The publication of HTML 4.0 in 1997 dramatically increased the richness web designers could include in their web page design. HTML 4.0 allowed web programmers to specify style sheets, add tables, and generally make web pages more dynamic. Scripting of the DOM (Direct Object Model) was the mechanism that allowed for this increased accessibility and the addition of features. DOMs are interfaces that are neutral for platforms and programming languages to insure interoperability. These interfaces allow for programs to update and access a web page’s structure, style and content.
In 1998, W3C introduced XML 1.0, which would become the vernacular language of web development and revolutionize interoperability. With the further specification of XML Schema in 2001, W3C provides a standardized protocol for the creation of XML vocabularies. The development of these technologies was integral to Ajax deployment. It was the creative collaboration between them allowed for Ajax to become such a mainstream and accessible methodology. Ajax’s addition of JavaScript, which is a scripting language that can be included in a web page’s HTML, further standardized and facilitated asynchronously communication between browser and server.

Points of Interest

W3C and Ajax’s development and use of open standards has implications for the big technology corporations as they try to stay competitive in web development. The dominance of Ajax use in the major search engine Google means that product development must be compatible with Ajax and open standard technology. Major tech corporations like IBM and Microsoft have been forced to contribute resources to open standards community development so their technologies are not left behind by evolving standards.

Posted by MixedSoup | No Comments »

Introduction

Adobe’s Flash/Flex and vendor-independent Ajax are both used to design dynamic and interactive web applications. Both allow for interface animation and are platform independent meaning content will appear the same across platforms. There are many similarities and Flash/Flex is often used as a partial substitution for Ajax interface technologies. However, there are significant differences as well. For example, Flash is an animation format software that allows for the quick download of animation files in a resizable format that lets files be downloaded over a regular modem connection. Flash produces increased interactivity by encoding information in smaller, more easily downloadable files.

It is also a set of technologies aimed at creating Rich Internet Applications (RIAs). It is a product developed by Macromedia, whereas Ajax is more of a methodology to produce RIAs. Ajax uses the strategic combination of DHTML or XHTML (respectively, Dynamic Hypertext Language or Extensible Hypertext Language), XML (Extensible Markup Language), CSS (Cascading Style Sheets), and DOM (Direct Object Model) with XMLHttpRequest and JavaScript to create more responsive and interactive web applications. Ajax functions as a layer of programming that facilitates a behind-the-scenes communication between the browser and the server.

This article will discuss Ajax and Flash/Flex technology as they compete in making RIAs. The two are similar and can perform similar functions. However, there are certain advantages and disadvantages to both.

Background

Flash is the catch-all term for the Adobe Flash Player and the Adobe Flash Professional Multi-Media authoring program which helps create content for the Adobe Engagement Platform. Macromedia developed it in 1996. Subsequently, Macromedia was acquired by Adobe in a deal finalized in 2006. Adobe Flash Professional functions as an IDE (Integrated Development Environment). IDE’s offer a set of programs, including a code editor, a debugger, a compiler and a program to create GUIs (graphical user interfaces). All of these run through a single user interface to make programming easier.

They are very popular for creating HTML applications and are therefore very important to web development and often help to automate tasks, making web programming and usability faster. Flash is a popular method for adding animation and interactivity to web sites. However, it is currently moving toward contributions toward developing RIAs (Rich Internet Applications). RIAs are web applications that function with the efficiency, consistency and security of desktop applications using the simplicity of a simple user interface, keeping other program functions on the application server away from the user. Adobe’s Flex technology was released by Macromedia in 2004 and directly responds to RIA development. Flex technology rivals Ajax by using workflow and programming models that programmers are more familiar with. Flex is the development framework for the Flash IDE.

Flex is precisely where Flash intersects with Ajax. Both aim towards creating RIAs. Flex works on the presentation level of an RIA. The term Ajax was coined in 1995 as an umbrella term for a set of technologies and methodologies used to produce rich Internet applications based on open standards. W3C published standards for XML, HTML, and CSS and these are the standards employed by Ajax to increase its application’s interoperability.

This also reiterates one of the main differences between Ajax and Flex. Ajax is amore democratic methodology, while Flex is a vendor specific product that requires purchase. Like Ajax, Flex uses an XML-based language, MXML, to create GUIs. MXML mirrors XHTML in Ajax. ActionScript reflects the function of JavaScript in Ajax. Finally, like Ajax, Flex technology requires that the client only load once and have access to multiple and complex interface interactions in real-time.

Uses

The differences between Ajax and Fletch is not merely a brand naming. There are hardwired differences as well. For example, Flex and Flash are delivered through Flash Player while Ajax is delivered through a browser. Flash Player requires a plug-in to browsers. A plug-in is a program that is easily installed to be used with a web browser. Plug-ins allow users to supplement web applications with other programs to perform specified functions. However, Ajax doesn’t require the downloading of applications, rather it accesses those web applications from the Web as they are requested. But some argue that Ajax requires more program writing and code. DHTML (dynamic HTML) applications are used differently according to the browser. Programming must be written to work around that.

Therefore, Ajax can sometimes be development heavy. Also, Ajax toolkits that abstract browser inconsistencies to address these problems often lack standards and are extremely large in file size, making them more difficult to work with. Flash platforms function as application platforms that are browser and platform independent. In Ajax applications, the browser is the platform. Some argue that browsers were not built for that, whereas Flash Player was specifically intended to be that kind of receptacle for client-side operations.

Points of Interest

The conflict between Flash and Ajax seems to stem from differences in approach towards achieving the same RIA goals. Adobe’s Flash and current Ajax products by IBM and Microsoft compete commercially in the IT marketplace. But more than just encouraging market competition, both of these technologies aim at improving user experience of the Web. Currently, Flash and Ajax are working together on some innovative web sites like Google Finance and Yahoo! Finance.

Posted by MixedSoup | No Comments »

Introduction

Ajax is a combination of technologies that increase web page usability. It is an acronym for Asynchronous JavaScript and XML. Ajax performs its functions by encoding all requests between the server and the browser in the common programming language of JavaScript. Communication between server and browser in a standardized language like JavaScript and the Ajax XMLHttpRequest object allow for page updates to occur asynchronously through remote scripting. That is, relevant parts of web applications can be updated onto the web page interface ‘behind the scenes’ without requiring the user to re-load the entire page.

This makes for a faster, more comprehensive, and more interactive user experience. JavaScript provides a language for remote scripting. Remote scripting lets users request (for Ajax, in JavaScript) data from the server through their web browser without refreshing the entire page. Ajax, however, performs several other functions that make for a seamless web experience. These other functions require the manipulation of the DOM (Direct Object Model). For example, XHTML (Extensible Hypertext Markup Language) and CSS (Cascading Style Sheets) mark up and style the web pages.

Marking up refers to any data that further describes the content. Style refers to layout, fonts, colors, picture placement, and other aesthetic elements. XML provides a format through which to exchange data between the server and the browser. However, most important for accessing and altering the DOM is a client-side scripting language, which JavaScript is, that allows for easy interaction with the information.

This article will discuss Ajax’s reliance on JavaScript.

Background

JavaScript was developed in 1995 to support the use of Java “applets” for non-Java programmers and web designers. “Applets” are small applications that are written in Java. They are imbedded in HTML pages (web pages) and facilitate functions such as scrolling in specific areas and animation. They are independent of operating systems and, therefore ,are easily translatable. They are Internet programs and easily downloadable by any computer. JavaScript is a script language created by Netscape. Script languages include sets of programming codes and JavaScript, in particular, is useful to web page functionality because in can be easily incorporated into HTML documents.

JavaScript’s primary aim was to develop interactive web sites and Ajax methodologies were developed to improve web experience. The centrality of JavaScript in the Ajax name is just one the clues regarding its importance to cutting edge web development.

The term Ajax was first coined in 2005. As previously stated, it describes a set of technologies that collaborated to improve web usability. Interestingly, Ajax does not describe any new technology, but rather the strategic positioning of already existing technologies to work together in new ways.

For example, JavaScript was developed to address early web development issues. Microsoft’s development in remote scripting, MSRS (1998) allowed for Java applets to be utilized with the client communicating in JavaScript. This method worked on Internet Explorer and Netscape, version 4, from the late 90’s onwards. Microsoft introduced the XMLHttpRequest object on Internet Explorer, version 5 (1999). This was one of the innovations that would lead to the coining of Ajax. For example, in 2002 MSRS replaced Java applets with XMLHttpRequest objects central to the Ajax approach.

This expanded interoperability across web platforms. However, JavaScript is still the primary language for web development and Ajax techniques. It is JavaScript’s coupling with other specific technologies, like XMLHttpRequest, that incorporate it into an Ajax engine.

Uses

Perhaps the most powerful innovation of Ajax technology is situating JavaScript in the browser. Through this, JavaScript is connected to and connects all the components of a web page. Within an Ajax framework it means that JavaScript can manipulate characteristics of an HTML page through the DOM. JavaScript can also manipulate the DOM elements that control the visual aspects of a web page the CSS.

CSSs separate web page presentation from content. One of JavaScript’s primary features is the ability to respond to events in time. In conjunction with other Ajax technologies, this feature can create interactive web features like the mouseover, where text pops up or the HTML (and web page appearance) change when a user’s mouse rolls over a button with the attached function (written, of course, in JavaScript). XMLHttpRequest allows for asynchronous data retrieval, but it is JavaScript that encodes that request with its own thread of implementation so that normal browser ability can be maintained while the request is being processed. Like its position in the acronym, JavaScript is central to all Ajax functions.

Points of Interest

Unfortunately, the centrality of JavaScript within the Ajax framework is also one of Ajax’s primary disadvantages. For example, different browsers can install JavaScript differently. This may require JavaScript to be tested for compatibility in multiple browsers.

Ultimately, however, Java technology is compatible with Ajax and Web sites employing Ajax techniques. JavaScript is encapsulated by Ajax technologies, like XMLHttpRequest, so that the server does all the work of translating and implementing coded requests.

Posted by MixedSoup | No Comments »