
Xmlhttprequest


Sproutliner.

JSON and Browser Security.

JSON is a data interchange format. It is used in the transmission of data between machines. Since it carries only data, it is security-neutral. The security of systems that use JSON is determined by the quality of the design of those systems. JSON itself introduces no vulnerabilities.

The web browser is a peculiar application environment. The security model of the browser was forged through a long series of foreseeable and painful blunders. This pain can be avoided by adopting good practices. I will share here a small set of principles which can be seen to be true.

Never Trust The Browser. The browser cannot and will not protect your secrets, so never send it your secret sauce.

Keep Data Clean. JSON is a subset of JavaScript, which makes it especially easy to use in web applications. On the server side, always use good JSON encoders and decoders.

Script Tags. Script tags are exempt from the Same Origin Policy. Any page that includes scripts from other sites is not secure.

Use SSL.

Developing AJAX Applications the Easy Way.

AjaxAC - Open-source PHP framework for creating AJAX / JavaScript applications.

AJAX Interface Design.

When any new technology undergoes fast and widespread adoption, there's always an opportunity for unintended misuse. So it's no surprise that the World Wide Web has seen its fair share of mishandled technologies:

- Download-heavy Java applets for simple page navigation
- Flash movies for superfluous intro animations
- Frames that disable simple bookmarking and URL-sharing
- The overuse of images when simple HTML text would do

Some of these technologies have been permanently scarred by excessive misuse. Flash is synonymous with "Skip Intro", and Java applets within Web applications are often shunned.

"Many of us have been so bombarded with bad press on client-side Java that advising anything other than an HTML-based front end would be like digging your own grave." - Alex Kalinovsky

Now, as a flurry of interest in AJAX sweeps the Web, it's worthwhile to consider the design implications of this technology, lest we end up with "Skip AJAX" in the future.

Fast & Incremental Communicating Change.

Ajaxian Blog.

AJAX Matters - Asynchronous JavaScript and XML and XMLHTTP development information.

XMLHttpRequest & Ajax Working Examples - Links and Resources, Fiftyfoureleven.com.

LiveSearch - Bitflux Blog Wiki. Posted in Ajax Examples and Demos (XMLHttpRequest) on Friday, February 25th, 2005. The wiki page for the livesearch function. From the page: On the client side, we use XMLHttpRequest for sending the request to the server. There we have a little PHP script, which returns a small HTML file (

Amazon Zuggest. Posted in Ajax Examples and Demos (XMLHttpRequest) on Friday, March 4th, 2005. From the site: This is my take on Google Suggest only with Amazon so I've called it "Amazon Zuggest".

Francis writes: "The Javascript runs in the browser and fires every so often, looks for something to search on, it shoots a request using XMLHttp to my webserver, which in turn creates a SOAP message that gets sent to Amazon." This is a cool little app.

AJaX for weblogs. Posted in Ajax Examples and Demos (XMLHttpRequest) on Wednesday, March 9th, 2005.

XHTML live Chat via XMLHttpRequest.

SproutLiner. Very cool...