Tuesday | 2 December, 2008
Microsoft, Apple eyed for AJAX alliance
OpenAjax founder talks about the security issues around it, and the possibilities of other vendors such as Microsoft and Apple joining the OpenAjax alliance
Paul Krill (InfoWorld) 09/10/2006 13:13:36

Apparently there are issues with inexperienced developers, there are issues with the cross-site scripting, there are issues with Web services. Even Jesse James Garrett who founded the term AJAX said there are a lot of issues and we're going to have to almost patch them one by one. So how can people rely on AJAX if it's got all these security issues? I talked to one AJAXWorld attendee yesterday, and she said she wasn't using AJAX yet, but the one thing she knew was that it apparently had a lot of security concerns.

So there are security concerns. Actually, if you look at the security concerns you have when doing Web services, there actually was work done for Web services in the area of WS-Security. A lot of folks who are looking at this are looking at it for the first time. Well, the folks that actually have looked at service-oriented architecture said, "Well, if I'm actually going to start calling something, I want to, No. 1, ensure that I can call the resource, and then if I can call the resource that I'm actually entitled to, go deeper and actually access the data." The second piece of this is this cross-site scripting; this has been a known problem in the Web, and it's a server-side problem that people have been dealing with.

Now, the other issues that you start looking at in the area of mashups, again, this is -- you're absolutely correct. You have people that are writing JavaScript that don't really know how to write it, and if you create a mashup, you could end up with a serious problem. Now, if you look at the mashups that have been created up to this point, they've been done by very highly skilled and very knowledgeable Web programmers who know what they're doing. Now, one of the reasons why we founded OpenAjax was this exact problem. When Scott [Dietzen, CTO of Zimbra, who helped co-found OpenAjax,] and I looked at this problem in late 2005, we pretty much decided that the number of problems that would be confronting people, you'd probably find one in 40 developers actually having all of the right capabilities to actually write good AJAX and secure AJAX.

So what are you going to do?

The first thing we started doing is we're attacking the problem not one at a time, we're doing it in multiple fronts. The first thing was, How do we basically build AJAX, and how do we debug AJAX? And how do we see what's going from the client side of this to the server? And that's what IBM was working on, and Bob [Goodman, a senior programmer at IBM,] was doing with the AJAX Tooling Framework.

The second side of this is that we needed to get the knowledge out about what are the issues. You don't want to scare people away, but at the same token, you need to basically educate them. And this, again, was part of this whole side of what OpenAJAX was about. The third side of this is, How do you then look at it from an industry standpoint of coming out with the best practices? So this is a document that people [would] write to give to AJAX programmers. And then the fourth thing is to look for the technology side of it. How can we basically start securing the technology? And that work is under way right now. And [while] there are no great answers at this exact second, there's a very good understanding of the problem, and people are discussing what's the right way to do it.
