AjaxWorld session: Greg Murray

BluePrints for AJAX Applications

Project lead for jMaki

Conventional web: server manages entire view, lots of XML, browser is a dumb terminal. From 2005, AJAX appeared. Challenges we face today: multiple scripting languages, service-driven widgets, controlling access to services, security risks, performance.

The blueprint

On the client: use true JSON (Crockford) json.js; use pub-sub bus for inter-component comms; verify all inputs on the client (use a script to avoid injection attacks); don’t take script from strangers (maybe malicious, more likely may have their own security holes); avoid browser detection; use namespaces.

On the server: use a light RESTful architecture; keep session state to a minimum; manage access to services (use API keys); use the server to access services and convert to JSON/JSONP/XML; set correct headers.
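A sketch of the server-side items above (API key check, conversion to JSON or JSONP, response headers), added here as an example and not taken from the talk or from jMaki. The function names, the sample key, the callback pattern and the specific header values are assumptions about what "correct headers" would mean in practice.

```javascript
// Added example; names and values are assumptions, not jMaki code.
const API_KEYS = new Set(["demo-key-123"]); // constructed sample key

// A JSONP callback must be a plain dotted identifier, so the callback
// parameter cannot be used to inject script into the response.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;

// Serialize with a real JSON encoder, then escape characters that could
// close a <script> block or break a JavaScript string literal.
function safeJson(data) {
  return JSON.stringify(data)
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Headers sent on every response: no MIME sniffing, no caching of keyed data.
const BASE = { "X-Content-Type-Options": "nosniff", "Cache-Control": "no-store" };
const JSON_TYPE = "application/json; charset=utf-8";
const JSONP_TYPE = "application/javascript; charset=utf-8";

function respond(status, type, body) {
  return { status, headers: { ...BASE, "Content-Type": type }, body };
}

// query: parsed query-string parameters; data: the value fetched from the
// backing service. Returns { status, headers, body } for the web layer to send.
function buildResponse(query, data) {
  if (!API_KEYS.has(query.key)) {
    return respond(403, JSON_TYPE, safeJson({ error: "invalid API key" }));
  }
  if (query.callback === undefined) {
    return respond(200, JSON_TYPE, safeJson(data));
  }
  if (query.callback.length > 64 || !CALLBACK_RE.test(query.callback)) {
    return respond(400, JSON_TYPE, safeJson({ error: "invalid callback name" }));
  }
  return respond(200, JSONP_TYPE, `${query.callback}(${safeJson(data)});`);
}
```
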

Consider a library for generating correct JSON more easily. json.org Java, or G-JSON (?).

Choosing a library: overview of various choices. They all have advantages.

Frameworks. jMaki premise: integrate your JavaScript with existing libraries.

The presentation jumped about a bit. I’m not quite sure what the presenter’s take-home message was supposed to be. I’ll probably spend some time looking at jMaki later though.
