AJAX Benefits

AJAX benefits

AJAX benefits

While Asynchronous JavaScript and XML may have issues with security and performance, Zimbra Inc. still sees AJAX as the best way to deliver experiences on the Web and has based its open-source Web 2.0 platform on 200,000 lines of JavaScript, a company executive said Monday.

At the Web Builder 2.0 conference in Las Vegas, Zimbra’s president and chief technology officer, Scott Dietzen, emphasized a variety of AJAX and Web 2.0 technologies for developers and users, including the extension of AJAX to offline usage.

Despite AJAX’s problems, Dietzen said he favors it over other technologies such as Flash when it comes to the Web.

“There’s no other way to deliver a richly interactive experience on the Web,” said Dietzen, who was once CTO at BEA Systems Inc. “If you want the Web to look and feel and the ability to mash up all sorts of other Web technologies, I think AJAX is the best fit.”

Zimbra, which was acquired by Yahoo Inc. earlier this year for $350 million, is a provider of collaboration and messaging software.

Dietzen did cite AJAX security issues such as cross-site scripting attacks, in which user data can get interpreted in the browser, creating a breach. Also noted as a security concern was the use of source code in the browser.

“The goal for rich Internet applications at least ought to be to deliver the same level of security that we’ve delivered for Web applications because to deliver less undermines user confidence in various ways,” he said. This is a goal that is close to being achieved, Dietzen said.

Blocking execution of using JavaScript inside of an application is important for combating server-side scripting attacks, according to Dietzen. Obfuscation and minimization technologies to remove white space can be used as security measures, he said. On the positive side, there is no caching of user data on the desktop with AJAX. Dietzen also advised that sensitive code not is put in a browser.

Browsers, meanwhile, also present challenges. They render the same HTML differently and were not designed for the load presented by AJAX; browsers have memory leaks and performance gaps, Dietzen said. But browsers are getting better, Dietzen said.

“Safari 3 is dramatically better,” he said.

And Zimbra has found that Internet Explorer 7 executes JavaScript two to four times better than Internet Explorer 6 does, he noted.

Toolkits also have been a problem, but that situation, too, has been getting better. Toolkits now are available from organizations such as the Eclipse Foundation, Adobe Systems Inc. and Microsoft Corp. “I’m happy to say no more Zimbra developers are using text editors or vi to craft their JavaScript,” said Dietzen.

Offline AJAX usage is a “hot topic,” Dietzen said. Zimbra now can be used offline, he said.

“The answer for occasionally connected apps is to provide a cache on the client side that allows the application to interact locally with a data set, and then synchronize over the network when the network is available,” said Dietzen.

Offline AJAX systems can be developed by using a set of caching APIs in JavaScript that enables this. These are accessible via offerings such as Google Gears and the Dojo offline toolkit.

Also, developers can program a client in something other than JavaScript, using technologies such Adobe AIR (Adobe Integrated Runtime). Developers build full programs on the client integrated with the browser, like what Microsoft is doing with its Silverlight platform.

But Zimbra used another approach. “What we did at Zimbra is we actually took Zimbra server code, which was written in Java, and we created a microserver that runs on my local client,” said Dietzen.

Dietzen mentioned the AJAX technique of AJAX Linking and Embedding (ALE), in which one document can be embedded inside another. This expands content-sharing.

He also cited a technique called “lazy loading,” which cuts down loading time for Web pages. With lazy loading, the page loads but other parts of the application, such as calendaring, are loaded only as needed.

Dietzen noted that Zimbra’s platform enables the use of mashups — quickly assembled task-based applications deriving data from other, larger systems. Mashups get Dietzen’s vote as the killer app for Web 2.0.