Tuesday, April 3rd, 2007

Towards Secure Ajax Mashups

Category: JSON, Remoting, Security

Ajax pioneer Brent Ashley has written a developerWorks article about making Ajax mashups secure. It looks at where it’s at today and where it’s all headed. He begins by surveying current techniques for calling external servers, such as the popular On-Demand JavaScript technique. This has well-known security issues. The scalability benefit of the <script> tag Read the rest…

Posted by Michael Mahemoff at 6:27 pm


Thursday, March 15th, 2007

UED – URL Encoded Data

Category: JavaScript, Library, Remoting

UED is a tiny library that takes a hash and converts it into a URL. Instead of passing a JSON string, for example, you could just construct a URL containing the transfer object. Update: I should mention that this is more about the format than the library…UED is a proposal for a standard way to Read the rest…

Posted by Michael Mahemoff at 9:20 am


Wednesday, January 31st, 2007

Eval’ing with IE’s window.execScript

Category: JavaScript, Programming, Remoting

Plaxo’s Joseph Smarr has been playing with on-demand JavaScript, i.e. downloading extra JS code after the page has already loaded. When you grab the code via a remote call and eval() it, it doesn’t get into global scope. So here’s how he dealt with it. Here’s a simplified version of the situation we faced: function Read the rest…

Posted by Michael Mahemoff at 3:40 pm


Tuesday, November 7th, 2006

Ajax and Security – Discuss

Category: Books, Editorial, Remoting, Security, Testing, The Ajax Experience

Often when you hear discussions regarding Ajax and security, it’s said that the issues remain the same as they were ten years ago: don’t trust user input, don’t expose sensitive data without encryption, code for security from day one, never display system error messages, etc. While that is all true and good, one thing I Read the rest…

Posted by Rob Sanheim at 8:00 am


Friday, August 25th, 2006

New Friday for Friday: GWT

Category: Ajax, Books, Google, Remoting

Dave Thomas over at the Pragmatic Programmer let us know about a new Friday (i.e., short book that can be read entirely in a Friday afternoon) that they’ve published: Google Web Toolkit, by Ed Burnette. Dave was kind enough to provide us with an excerpt for distribution to our readers: Chapter 5 — Remote Procedure Read the rest…

Posted by Ben Galbraith at 11:19 am


Thursday, July 13th, 2006

Two-Way Web: Can You Stream In Both Directions?

Category: Comet, Remoting

Comet is mostly considered a server-to-browser thing, but how about a permanent connection in the opposite direction, from browser to server? I’ve been talking about this on my blog and received some interesting thoughts from Alex Russell. There are two key issues: (1) Server needs to start outputting before incoming request is finished. With a Read the rest…

Posted by Michael Mahemoff at 5:42 pm


Friday, July 7th, 2006

PHP-Based MySQL-to-JSON Converter

Category: Database, Remoting

A new PHP component by Adnan Siddiqi accepts a MySQL result set and converts it into a JSON message. MySQL To JSON: This class can be used to convert data from MySQL query results into a JavaScript expression in JavaScript Object Notation. It takes a MySQL query result handle and retrieves the query result column Read the rest…

Posted by Michael Mahemoff at 7:23 am


Thursday, June 22nd, 2006

Autocompletion Issues with Yahoo, Scriptaculous Libraries

Category: Remoting, Scriptaculous, Toolkit, Yahoo!

Cheng Guangnan reports on a potential issue with the autocompletion/suggestion support offered by both Yahoo UI and Scriptaculous libraries. The problem involves parallel calls – there’s the potential for an initial list of suggestions to be displayed after a subsequent list. His screencasts show what’s going on. 1. “2006” is typed. 2. A request of Read the rest…

Posted by Michael Mahemoff at 5:26 am


Tuesday, June 13th, 2006

Is “Asynchronous” Really Used in Ajax?

Category: Remoting, Usability

“A” may stand for Asynchronous, but PPK recently asked his readers if people are really exploiting the asynchronous nature of Ajax. Are there really situations where the user can do something while a request takes place? For instance, GMail makes an asynchronous call to grab some mail data – do you actually play around with Read the rest…

Posted by Michael Mahemoff at 5:38 am


Wednesday, May 24th, 2006

Reverse Ajax with DWR

Category: Comet, Java, Remoting

More and more, Ajax apps are using various techniques to keep content fresh in the browser. Essentially, we’re talking about reversing the usual communication flow: the server notices something’s happened, and wants to tell the browser about it. Server “calls” browser, not browser calls server. The popular Java Ajax framework, DWR, recently released milestone 2 Read the rest…

Posted by Michael Mahemoff at 4:38 pm


Monday, April 17th, 2006

KingPing: Blog Notification with Ajax

Category: Remoting, Showcase

King Ping provides a similar service to sites like Ping-O-Matic, which accept a blog URL and notify sites like Technorati that an update has occurred. Not everyone needs these services anymore as the process is often automated, but for those who do, King Ping gives you a nice Ajax interface for it. The application uses Read the rest…

Posted by Michael Mahemoff at 6:17 am


Wednesday, April 12th, 2006

XHR SQL Injection: Ajax Antipattern Illustrated

Category: Remoting, Security

Some of you will be familiar with, a website showcasing code in the wild that is, well, less than professional. A recent forum item illustrates the ultimate Ajax antipattern: uploading arbitrary code to be executed on the server. Gustavo Carvalho discovered what happens when XMLHttpRequest and the Eval() function in PHP are combined. I’ll Read the rest…

Posted by Michael Mahemoff at 6:08 pm


Saturday, March 11th, 2006

JSONRequest: Proposal for Cross-Domain Browser Service

Category: JavaScript, Remoting

Douglas Crockford, creator of JSON, has proposed that browsers include a new “JSONRequest” service to allow for safe cross-domain calls. JSONRequest is a service which encodes a JavaScript value as a JSON text, does an HTTP POST of that text, gets the response, and parses the response into a JavaScript value. If the parse was Read the rest…

Posted by Michael Mahemoff at 5:00 pm


Wednesday, March 8th, 2006

Comet ETech Slides Available

Category: Comet, Programming, Remoting

Alex Russell has posted slides for his ETech presentation on Comet. Comet (which we mentioned the other day) is Alex’s new term for push-style server-to-browser communication. ETech Comet Presentation – PDF Version ETech Comet Presentation – Flash Version The presentation motivates Comet largely in terms of social and multi-user concerns, before moving onto the nuts Read the rest…

Posted by Michael Mahemoff at 3:35 pm


Saturday, March 4th, 2006

Comet: A New Approach to Ajax Applications

Category: Comet, Dojo, Programming, Remoting

Alex Russell has coined a term for a flavour of Ajax that’s been getting more attention of late. Comet describes applications where the server keeps pushing – or streaming – data to the client, instead of having the browser keep polling the server for fresh content. Alex identifies several buzzworthy examples: GMail’s GTalk integration Jot Read the rest…

Posted by Michael Mahemoff at 2:06 pm


Wednesday, February 15th, 2006

Cross-Domain XML

Category: JavaScript, Remoting

Like it or not, there’s plenty of people who want to do cross-domain remoting. The typical technique is via script tags, and since this means the response must be valid JavaScript, JSON is usually the message format. But what if you want to grab some XML instead of a JSON-formatted object? Dave Johnson explains how Read the rest…

Posted by Michael Mahemoff at 9:40 am

