I have problems with AJAX – and they are gut level and three:
1) AJAX, like Linux, has already forked too often and is now spread over several mutually incompatible frameworks – sort of like getting instant SQL mayhem just when interoperability is el numero uno, dos, y tres problemos in IT and development;
2) JavaScript, the scripting engine of AJAX, is a security hazard like ActiveX which still malingers in Windows code/apps. The JavaScript prototype and dynamic change problems are the tip of the iceberg. See here for an introduction to AJAX Security. Given the move of organized crime into Hacking and Security Opportunities, AJAX Security problems are even more critical with the rapid expansion of Web 2.0 and SaaS software using AJAX tools and methods.
3) AJAX tools, reflecting the diverse frameworks, are far from uniform and just starting to deliver complete development systems with the likes of Backbase, Jackbe, and Tibco General Interface. But even these vary widely in the services they deliver and the AJAX methods and frameworks they support.
For these 3 reasons, I look at AJAX Web development with the same trepidation reserved for ActiveX usage on the Web – it has all the same momentum, GUI glitz, and immediate problem solving that ActiveX had – and the consequent rush, then security patches, and finally the great viral outbreaks/ravages which Security firms and experts had warned about, were visited upon the IT community for the past 5-7 years.
AJAX Repackaged
There are four counter trends to the problems that I have raised here. First, the Open AJAX Alliance is a group of vendors who recognize full well the above problems among others, and have banded together to address the issues. Some of the things being proposed and undertaken certainly have great promise – and given the relative success of the JCP (Java Community Process) and The Eclipse Foundation, there are models available on how to do an alliance like this effectively.
It appears to this observer that one of the solutions to the security problems inherent in both AJAX JavaScript and XML and their almost complete code transparency, especially on the client, is the need for some controls on this. Two approaches being adopted might be called variations on repackaging AJAX for deployment.
The Java approach to repackaging has the Server act as a JIT-delivery agent, delivering the needed method and/or complete scripts on an on-demand basis, and possibly using a scrambler to disguise even the delivered code, with a small Java routine unscrambling the JIT-delivered JavaScript on the client. This could work in offline AJAX apps as well, with the unscrambler available to handle downloaded but scrambled AJAX code. The penalty of course is the time to download and unscramble, but given the relatively small size of even large AJAX apps – this is not a prohibitive cost, especially considering the added Security.
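The on-demand delivery and unscrambling described above, sketched as an added example (not code from this post or from any vendor named in it). The names METHODS, deliver, unscramble and loadMethod, the session keys, and the repeating-key XOR scrambler are all assumptions made for illustration; the unscrambler is written in JavaScript here rather than as a Java routine.

```javascript
// Added example. All names, keys and the sample method are constructed for illustration.

// Server side: method bodies stay on the server until a client asks for one.
const METHODS = {
  total: 'return items.reduce((sum, i) => sum + i.price * i.qty, 0);',
};

// Stand-in scrambler: repeating-key XOR. It is symmetric, so the same
// routine scrambles on the server and unscrambles on the client.
function xorWithKey(bytes, key) {
  const keyBytes = Buffer.from(key, 'utf8');
  const out = Buffer.alloc(bytes.length);
  for (let i = 0; i < bytes.length; i++) {
    out[i] = bytes[i] ^ keyBytes[i % keyBytes.length];
  }
  return out;
}

// Server: deliver one named method, scrambled under this session's key.
function deliver(name, sessionKey) {
  if (!Object.prototype.hasOwnProperty.call(METHODS, name)) {
    throw new Error('unknown method: ' + name);
  }
  return xorWithKey(Buffer.from(METHODS[name], 'utf8'), sessionKey).toString('base64');
}

// Client: recover the source text from the wire payload.
function unscramble(wire, sessionKey) {
  return xorWithKey(Buffer.from(wire, 'base64'), sessionKey).toString('utf8');
}

// Client: turn the recovered body into a callable method.
function loadMethod(wire, sessionKey, argNames) {
  return new Function(...argNames, unscramble(wire, sessionKey));
}

// Two sessions (constructed keys) request the same method.
const wireA = deliver('total', 'session-key-A');
const wireB = deliver('total', 'session-key-B');
const total = loadMethod(wireA, 'session-key-A', ['items']);

console.log(wireA !== wireB); // the payload on the wire differs per session
console.log(total([{ price: 2, qty: 3 }, { price: 5, qty: 1 }]));
console.log(unscramble(wireA, 'session-key-A') === METHODS.total);
```

Because the client must hold both the key and the unscrambler in order to run the method, the text it recovers is identical to the server's copy; the scrambling keeps the code out of plain view on the wire and in view-source, and no more than that.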
The Adobe Apollo approach has the new Apollo runtime engine act as a safe container manager, much like the current Flash and Acrobat PDF runtimes act on behalf of the ActionScript and JavaScript that they support respectively. I know that Adobe targets Apollo to support the complete and latest Flash, complete and latest PDF, and notably the complete W3C HTML/CSS/DOM/JavaScript capabilities. This is a very ambitious undertaking – but it also has very good depth. Adobe plans to have the runtime available to run across OS platforms, including mobile and embedded platforms, and to be able to run in online or offline mode. Talk about RIA and disruptive ambitions!
So despite my concerns, software vendors appear to be addressing some of the key issues in AJAX development. However, AJAX, as we know from Greek myth (Homer's Iliad), got killed. So the technology is not out of the water. But here is the fourth positive ingredient – there are at least two dozen blogs that are following and reporting candidly on AJAX. Here are 3 top resources:
The Ajaxian
Ajax Patterns
AJAX Projects
So the AJAX community is relatively well informed in an open and forthcoming fashion on all the latest developments. That has to have a positive effect on keeping AJAX from being slain by naked greed or misplaced ambition.
(c)JBSurveyer 2007