Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Thursday, May 7, 2009

Ajax and Mashups

I've written in the past about Web 2.0 and how it relates to proxy and web security. While there are many different definitions of Web 2.0, two terms you'll often hear in conjunction with it are "Ajax" and "mashups". In case you aren't familiar with either, a definition of both recently appeared on Coffee with Viktor:

Ajax and mashups represent two new Web application development approaches that both fit under the Web 2.0 umbrella.

Ajax

Asynchronous JavaScript + XML (Ajax) allows user interaction with Web pages to be decoupled from the Web browser's communication with the server. In particular, Ajax drives mashups, which integrate disparate content or services into a single user experience. However, Ajax and mashup technology introduce new types of threats because of their dynamic and multidomain nature. It is important to understand these threats and to avoid them by adhering to some best practices.

Mashups

A mashup is a web application that combines content from more than one source into an integrated experience. Usually, the mashup components interact with each other. In the classic example of a mashup, a Craigslist component is combined with a mapping component (e.g., Google or Yahoo maps) such that when a user clicks on a new Craigslist entry, the mapping component updates its view to show the new address.

Mashups typically allow the end user to discover and integrate third-party, Ajax-powered mashup components onto the mashup's canvas. Examples in the consumer social networking space include Facebook Widgets and MySpace Widgets, which end users can discover and insert into their pages.

From a technology perspective, mashup components represent Ajax-powered "mini applications" that are assembled into an Ajax-powered mashup container application that provides a framework for the components to communicate with each other. Sometimes the mashup container application enables cross-site communications by providing proxy services to allow server-side redirection to Web servers that are associated with a given mashup component.

Here is a whitepaper from the OpenAjax Alliance on Ajax and mashup security that you may wish to peruse.

Ajax and Mashup Security


Thanks Viktor!
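The proxy service mentioned in the mashup definition above only stays safe if it forwards to the Web servers associated with the requesting component and nowhere else. The following is an added example, not code from the quoted post or the whitepaper; the component names, hosts and the `checkProxyRequest` function are hypothetical and constructed for illustration.

```javascript
// Hypothetical registry: each mashup component and the HTTPS hosts
// associated with it. All names and hosts here are constructed samples.
const COMPONENT_HOSTS = {
  listings: new Set(["listings.example.com"]),
  map: new Set(["maps.example.net", "tiles.example.net"]),
};

function deny(reason) {
  return { allowed: false, reason, target: null };
}

// Decide whether the container's proxy may fetch rawUrl on behalf of
// componentId. Returns { allowed, reason, target }.
function checkProxyRequest(componentId, rawUrl) {
  // Own-property lookup so ids like "constructor" do not resolve to
  // inherited Object members.
  const known = Object.prototype.hasOwnProperty.call(COMPONENT_HOSTS, componentId);
  if (!known) return deny("unknown component");
  const hosts = COMPONENT_HOSTS[componentId];

  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser: lowercases host, splits userinfo
  } catch {
    return deny("unparseable URL");
  }

  if (url.protocol !== "https:") return deny("scheme not allowed");
  // "https://maps.example.net@other.host/" parses with host other.host;
  // reject userinfo outright instead of relying on visual inspection.
  if (url.username || url.password) return deny("credentials in URL");
  // The parser drops the default port (443), so any value left is non-default.
  if (url.port !== "") return deny("non-default port");
  // Exact match against the component's own hosts: no suffix or wildcard
  // matching, so IP literals and another component's hosts are refused.
  if (!hosts.has(url.hostname)) return deny("host not registered for component");

  url.hash = ""; // fragments are client-side only; never forward them
  return { allowed: true, reason: "ok", target: url.href };
}
```

A proxy that follows HTTP redirects would need to run the same check on every hop before connecting.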
