Skip the navigation

AJAX benefits, issues cited by Zimbra exec

By Paul Krill
December 6, 2007 12:00 PM ET

InfoWorld - While Asynchronous JavaScript and XML may have issues with security and performance, Zimbra Inc. still sees AJAX as the best way to deliver experiences on the Web and has based its open-source Web 2.0 platform on 200,000 lines of JavaScript, a company executive said Monday.

At the Web Builder 2.0 conference in Las Vegas, Zimbra's president and chief technology officer, Scott Dietzen, emphasized a variety of AJAX and Web 2.0 technologies for developers and users, including the extension of AJAX to offline usage.

Despite AJAX's problems, Dietzen said he favors it over other technologies such as Flash when it comes to the Web.

"There's no other way to deliver a richly interactive experience on the Web," said Dietzen, who was once CTO at BEA Systems Inc. "If you want the Web look and feel and the ability to mash up all sorts of other Web technologies, I think AJAX is the best fit."

Zimbra, which was acquired by Yahoo Inc. earlier this year for $350 million, is a provider of collaboration and messaging software.

Dietzen did cite AJAX security issues such as cross-site scripting attacks, in which user data can get interpreted in the browser, creating a breach. Also noted as a security concern was use of source code in the browser.

"The goal for rich Internet applications at least ought to be to deliver the same level of security that we've delivered for Web applications, because to deliver less undermines user confidence in various ways," he said. This is a goal that is close to being achieved, Dietzen said.

Blocking execution of user JavaScript inside of an application is important for combating server-side scripting attacks, according to Dietzen. Obfuscation and minimization technologies to remove white space can be used as security measures, he said. On the positive side, there is no caching of user data on the desktop with AJAX. Dietzen also advised that sensitive code not be put in a browser.

Browsers, meanwhile, also present challenges. They render the same HTML differently and were not designed for the load presented by AJAX; browsers have memory leaks and performance gaps, Dietzen said. But browsers are getting better, Dietzen said.

"Safari 3 is dramatically better," he said. And Zimbra has found that Internet Explorer 7 executes JavaScript two to four times better than Internet Explorer 6 does, he noted.

Tool kits also have been a problem, but that situation, too, has been getting better. Tool kits now are available from organizations such as the Eclipse Foundation, Adobe Systems Inc. and Microsoft Corp. "I'm happy to say no more Zimbra developers are using text editors or vi to craft their JavaScript," said Dietzen.

Reprinted with permission from InfoWorld. Story copyright 2012 InfoWorld Media Group, Inc. All rights reserved.
Our Commenting Policies