The Packet Rat | AJAX Craze Could Lead to Dirty Business

'It's like a bad horror-movie monster,' the Rat recently ranted as he reviewed
requirements for another application development project. 'Just when you
think you've killed it, it comes back again!'


'What, 'American Idol'?' asked his wife.


'No, no ... though that's true,
too,' he replied. 'No, I'm talking
about this dynamic HTML offal
they're calling AJAX. I thought
we had finally managed to tuck
everything safely back on the
server where it belongs, but all of
a sudden everybody is in love
with this 'rich Web client' snake oil.'


'You mean like that Google calendar
thing? That's sooooo cool,' his wife cooed.


'Oh, lord, they've gotten to you, too,' the
whiskered one simmered. 'OK, sure, it's
pretty. And it has the best of both worlds:
the bloated, cranky code of client-server,
with all of the stability, performance, and
security of the Web. I can see what the attraction
is.'


AJAX stands for Asynchronous
JavaScript and XML, and it's the latest
rage sweeping the Web development
world. It's an approach to creating Web
pages that act like desktop applications,
fetching new information from the Web
server without having to reload in the
browser.


While the AJAX approach can take a lot
of the traffic strain off Web servers and can
be used to take advantage of all of
those nifty Web services and service-
oriented architectures everyone
is so hot to build, the programming
model that sounds
like a household cleanser comes
with a mess of its own.


'First of all, it usually requires
JavaScript, hence the 'J' in its
name,' the cyberrodent sneered.
'And JavaScript reeks. It's a pain to find
the bugs in JavaScript.


'Plus, it's a hacker's dream. Using
AJAX means putting all of your
source code out in the open to be
downloaded and run by a browser, so
unless you use some magic obfuscation
code to make the source totally unreadable,
all of the code ends up in the
browser's cache. Someone can snoop in
and try to figure out how to break into your
data, or at least attack it. And all it takes is
a bad line of code, and your application becomes
a denial-of-service attack.'


'I think you're overreacting again,' Mrs.
Rat sighed. 'This is like that time you got
all worked up about the kids playing with
that software they found on those music
CDs.'


'It's called a rootkit,' the Rat replied.
'And you'd get all worked up too if they'd
used it to break into your brokerage account
instead of uploading those pictures
of me losing my swim trunks to my
agency's intranet portal.


'Besides, if they can crack that, imagine
what they can do to your Google calendar.'


A look of horror crossed Mamma Rat's
face. 'They wouldn't.'


'You're probably right,' the Rat grinned.
'Shall we go get lunch?'


Just then, her Treo buzzed. The Rat's
better half looked at the screen and
replied, 'I can't. Apparently, I'm booked
to take the kids and their friends to the
paintball park for the rest of the day.'


The Packet Rat once managed networks but now spends his time ferreting out bad
packets in cyberspace. E-mail him at rat@postnewsweektech.com.
