What is Ajax? How does it work? How to use it? What are the performance and security concerns and how to avoid them?

A: 

AJAX is the acronym of Asynchronous JavaScript and XML.

The idea behind the acronym is specifically based in the "Asynchronous" term, because it can load HTML and XML asynchronously, preventing a lot of Client-Server round trips.

In other words with AJAX you don't need to reload the page each time something changes in it.

backslash17
That's not what is meant by asynchronous. The asynchronous nature of an XMLHttpRequest refers to the fact that JavaScript doesn't block while waiting for a request to come back (unless you want it to). It means that JavaScript can continue to execute while a request is in progress.
apphacker
+1  A: 

Here are several very good virtual labs on AJAX. If you do those, you will have a very good idea of what AJAX is and why it's useful.

JP Alioto
+1  A: 

AJAX is a term to describe a process of using client-side JavaScript to request data from a remote server. It allows for dynamic webpages that don't necessarily require user input or traditional browser navigation to add dynamism to a website. It makes the development of client-side applications that run in a browser feasible. It can lead to rich and responsive user interfaces like this site, and complex applications such as Google Docs.

apphacker
+1  A: 

Ajax is as secure as any other HTML form; it is just that the submission can happen behind the scenes, so the user can continue to do something else, and when the new data comes in, or their request is processed, then they can get the information.

Unfortunately many people still write insecure forms, so the problems are multiplied with Ajax, as there are many more form requests.

Using a GET action for anything that will modify a database is bad, as those links can be clicked by web spiders, so a simple thing is to decide when you need GET, and in most cases use POST, and validate every input from the browser, as it should be suspect until the server has validated it.

James Black
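
The GET-versus-POST and server-side validation points in the answer above, as an added example that is not part of the original answers: a small Ajax endpoint dispatcher that refuses state-changing routes over GET and validates the request body on the server before touching the data. The route paths, the `handleAjax` and `demo` names, and the sample comments store are assumptions made for illustration.

```javascript
// Added example: hypothetical routes and constructed sample data.
const SAFE_METHODS = new Set(["GET", "HEAD"]);

// Each route declares the methods it accepts and how its input is validated.
const routes = {
  "/comments": {
    methods: ["GET"], // read-only, safe for crawlers and prefetchers
    run: (store) => ({ status: 200, body: [...store.values()] }),
  },
  "/comments/delete": {
    methods: ["POST"], // modifies data, so never reachable by a followed link
    validate: (input) => /^[1-9][0-9]{0,8}$/.test(String(input.id ?? "")),
    run: (store, input) => {
      const id = Number(input.id);
      if (!store.has(id)) return { status: 404, body: "no such comment" };
      store.delete(id);
      return { status: 200, body: "deleted" };
    },
  },
};

function handleAjax(method, url, rawBody, store) {
  const { pathname } = new URL(url, "http://example.invalid");
  const route = routes[pathname];
  if (!route) return { status: 404, body: "not found" };
  if (!route.methods.includes(method)) {
    return { status: 405, allow: route.methods.join(", "), body: "method not allowed" };
  }
  let input = {};
  if (!SAFE_METHODS.has(method)) {
    // Everything sent by the browser is suspect until parsed and validated here.
    try { input = JSON.parse(rawBody); } catch { return { status: 400, body: "bad JSON" }; }
    if (input === null || typeof input !== "object") return { status: 400, body: "bad input" };
  }
  if (route.validate && !route.validate(input)) return { status: 400, body: "invalid id" };
  return route.run(store, input);
}

function demo() {
  const store = new Map([[1, "first"], [2, "second"]]); // constructed sample data
  return {
    crawler: handleAjax("GET", "/comments/delete?id=1", "", store).status,
    badInput: handleAjax("POST", "/comments/delete", '{"id":"2abc"}', store).status,
    ok: handleAjax("POST", "/comments/delete", '{"id":2}', store).status,
    remaining: [...store.keys()],
  };
}
```

The spider-style GET gets a 405 and leaves the store untouched; only the well-formed POST removes a record.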