Channels ▼

Web Development

The AJAX Application Delivery Challenge

Users are demanding rich, interactive browser-based applications. Security administrators require these applications be secure on both ends of the wire. Server and systems administrators insist that the application not consume more than its fair share of resources, and network administrators are eyeing up your application and calculating the charge-backs with a gleam in their eye, wringing their hands gleefully while anticipating the probability of funding their next upgrade based solely on the cost of bandwidth needed to deliver your application.

While Web 2.0 technologies like AJAX ("Asynchronous JavaScript and XML") provide the means by which you can satisfy the demands of your users, these emerging technologies can also have far-reaching consequence in terms of security and performance. Advocates of Web 2.0 technologies like AJAX like to point out that AJAX requests are typically smaller than their traditional HTML counterparts, but they forget to mention there are more of them, more often. Developers using JSON ("JavaScript Object Notation") as their protocol of choice to exchange messages between the browser and the server like to claim it is a "fat free" alternative to XML, but in reality the FDA would call them out on that claim, not to mention the security risks inherent in using JSON that aren't present with its XML counterpart.

With more data being exchanged at a faster rate, no standards support, immature toolkits and human-readable application logic, AJAX has a plethora of application delivery and security hurdles to overcome. AJAX isn't going away. In fact it's being adopted at an incredible rate by internal developers and ISVs alike, therefore addressing the performance and security concerns of this fledgling technology is necessary sooner rather than later.

The key to a successful deployment is to understand and address the performance and security issues up front, rather than taking a laissez-faire approach to the whole thing and waiting until someone complains or disaster strikes. By understanding the challenges inherent in Web 2.0 technologies like AJAX you can avoid the performance and security pitfalls that may crop up along the way.

Related Reading

More Insights

Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.