AJAX - An emerging new breed of dynamic web applications.


AJAX advantages

  • AJAX allows us to create highly interactive user interfaces by allowing us to update the presentation tier with data from the server without reloading the entire page.
  • AJAX offers real-time form validation by sending data asynchronously in the background to the server. We can very easily validate a form field value against the server value when the focus leaves the form field, so the waiting time is reduced.
  • AJAX provides better performance than traditional web applications because there is no postback to the server that re-renders the entire GUI as HTML.
  • AJAX can give a web page's form field the ability to predictively suggest a list of possible values when the user starts typing in the field, as in Google Suggest.
  • AJAX applications consume less bandwidth when compared with traditional web applications, as it is not required to generate the entire HTML from the server to change a small portion of the page.

Limitations of AJAX

  • Presently a web page using AJAX can make requests only to the server from which the page originated. For example, if your page originated from http://www.yahoo.com, then the page can't make a request even to http://yahoo.com. This is so restrictive that the page can't even make a request to another domain.
  • Browsers impose a restriction on the number of concurrent requests that can be made to the server. For example, the restriction imposed by Internet Explorer is 2 concurrent requests at a time.

AJAX challenges and ways to overcome

  • In order to use an AJAX-based application, we need a JavaScript-enabled web browser. If a browser doesn't have JavaScript support, or if JavaScript is disabled, AJAX simply will not work.
  • The browser has to support the XMLHttpRequest object (or similar). If a user is using an older version of a browser, XMLHttpRequest support may not be there. In this case AJAX would fail.
  • AJAX may break the expected functionality of the Back, Forward and Refresh buttons. When a user clicks the Back button, he expects to navigate to the previous page, but with AJAX the case may be different. Since the data is updated on the server and AJAX is fetching that data, the user may see the updated status of the page when he uses the browser's Back button.
  • Bookmarking a particular page may become difficult. Since only parts of the page are updated with data on the fly, if the user comes back to the page in the future using a bookmark, there is no guarantee that he is going to see the same page state. Sending a page's URL to someone else in the form of a link is also not possible.

Security Issues

AJAX applications, like any other application, tend to pose security risks unless they have strict designed-in security. Some of the security issues that need to be highlighted include:
  • Reverse Engineering: An AJAX application contains most of the business logic processing at the client side itself as JavaScript, which is nothing but text available at the client side. A hacker can read the code very easily and reverse engineer our application. We can overcome this issue by doing all our business logic at the server side itself. But this is not a good idea. So we need to have some code obfuscators for hiding the code from the end user.
  • Fake XMLHttpRequests: A hacker can always send a pseudo XMLHttpRequest to the server and retrieve unauthorized and unauthenticated information, resulting in a security loophole. So when developing an AJAX application, our server-side code should be able to distinguish between real and faked AJAX requests. We can achieve this by checking user-agents, session id etc. We can also use some form of random sequence numbering, i.e. we can encode a sequence number and piggyback it along with the current response; the application should then use this number while sending a subsequent request.
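
The sequence-number check described in the last item above, sketched as server-side Node.js. This is an added example, not code from the original article; `startSession`, `checkRequest`, the in-memory `sessions` map and the HMAC encoding of the sequence number are assumptions made for illustration.

```javascript
// Added example (Node.js): per-session sequence token for AJAX requests.
const crypto = require('node:crypto');

// Assumption: one server-side secret, generated at startup, never sent to clients.
const SERVER_KEY = crypto.randomBytes(32);

// Hypothetical in-memory session store: sessionId -> { seq }.
const sessions = new Map();

// Encode the sequence number so a client cannot compute the next value itself.
function tokenFor(sessionId, seq) {
  return crypto.createHmac('sha256', SERVER_KEY)
    .update(`${sessionId}:${seq}`)
    .digest('hex');
}

// Called after login: create the session and return the first token,
// which the server piggybacks on the page or on its first response.
function startSession() {
  const sessionId = crypto.randomBytes(16).toString('hex');
  sessions.set(sessionId, { seq: 0 });
  return { sessionId, token: tokenFor(sessionId, 0) };
}

// Called for every AJAX request. Returns { ok, nextToken }.
function checkRequest(sessionId, presentedToken) {
  const session = sessions.get(sessionId);
  if (!session || typeof presentedToken !== 'string') return { ok: false };
  const expected = Buffer.from(tokenFor(sessionId, session.seq));
  const presented = Buffer.from(presentedToken);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (presented.length !== expected.length ||
      !crypto.timingSafeEqual(presented, expected)) {
    return { ok: false };
  }
  session.seq += 1; // the token just used is now stale, so a replay fails
  return { ok: true, nextToken: tokenFor(sessionId, session.seq) };
}
```

The token only shows that a request follows a response this session actually received; the handler still has to authenticate the session and authorize the data being requested. A strict sequence also rejects overlapping requests from the same page, so concurrent calls have to be serialized on the client.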