AJAX Experts Tackle Security, Other Issues
SAN FRANCISCOA panel of experts broke down many of the key issues surrounding AJAXincluding security, tooling, support for devices and, not a small question, what will Microsoft doat the AJAX Experience conference here May 10.
Security ranked among the chief concerns among the audience, with some questioning whether reports that AJAX opens users to security problems are true.
Panelist Alex Russell, co-founder and project lead for The Dojo Toolkit, a popular AJAX framework, said, "Its worth noting that the fundamental problems with browser security and Web application security havent changed in five yearsmost rely on a single root of trust, and AJAX doesnt change that. Wider spread use of cross-domain content distribution," which is not new with AJAX, is part of the issue. "The short version is still, Dont trust the client."
When asked what tools they liked to use to do AJAX development, the panelists listed the programming editors often referred to as tools for "real men" programmers: Vi, Vim (also known as "Vi Improved") and Emacs. However, after some prodding from Almaer, the group listed a few tools specific to AJAX-style development.
When asked whether there is a need to continually provide hacks to make things work better with Microsofts Internet Explorer, Joe Walker, creator of DWR (Direct Web Remoting), a popular AJAX tool kit, said, "The whole of AJAX is a hack, so I dont think we should get too purist about it."
"IE is a significant disappointment," said Russell. "We should be making noise about it. To get anything better out of IE is to start burning barricades outside offices in Redmond. We should make a lot of noise."
Russell later said that despite a large and growing number of AJAX frameworks in the industry, he expects a "peaceful coexistence" among them.
"Its remarkable how easy it is to mix them" and use the best features of different frameworks, said Stuart Halloway, co-founder of Relevance.
Asked whether the browser is ready to be used as a platform for all-day use, Walker said, "That is a problem; its a work in progress. There are some tricks you can use and pick the right browserlike not IE."
"IE sticks out in some ways," said Halloway," but these problems are going to be there regardless of doing AJAX. This issue should really drive you to use frameworks and libraries because they are tested."
The issue of mobile AJAX came up, and Greg Murray, a systems engineer at Sun Microsystems, said Sun is looking at this area.
"Were starting discussions at Sun next week around AJAX for mobile devices," Murray said. Suns annual JavaOne conference is next week in San Francisco.
Meanwhile, panelists took a few shots at Microsoft, which was not represented on the panel.
A questioner asked the panel what they thought of Atlas, Microsofts AJAX offering. Halloway said he has tested the technology, "and we find it to be pretty impressive. With Atlas its painless to get AJAX into your apps. Its fronted by WCF [Windows Communications Foundation], and its a great product."
Asked why Microsoft was not represented on the panel or not a sponsor of the event, Galbraith, who helped moderate the panel, said there was no anti-Microsoft bias during planning for the panel.
"We wanted them to sponsor the show, but they ran out of budget for the end of the year," he said to laughter from the audience.
Check out eWEEK.coms for the latest news, reviews and analysis in programming environments and developer tools.