This document provides an introduction to AJAX including its history, definition, examples of popular websites that use it, reasons for using it, and security considerations. It explains that AJAX uses XMLHttpRequest to asynchronously send and receive data from a web server in the background without interfering with the display and behavior of the existing page. Some benefits include faster interactions and reduced network traffic, while potential issues relate to bookmarking, search engine indexing, and reliance on JavaScript.

1. NAME: RIZWAN ULLA SHAH
ID: 5987
INTRODUCTION OF AJAX & SECURITY

2. • WHAT ?
• HOW ?
• WHO ?
• WHY ?
• SECURITY ?

3. THE HISTORY OF AJAX
• HTTP HAS SOME LIMITATIONS.
• MICROSOFT’S REMOTE SCRIPTING XML AND XSLT
• IE SPECIFIC WE NEED MORE FLEXIBLE SKILLS
• MICROSOFT FIRST IMPLEMENTED THE XML HTTP
REQUEST OBJECT IN INTERNET EXPLORER 5 FOR
WINDOWS AS AN ACTIVEX OBJECT.
• ENGINEERS ON THE MOZILLA PROJECT IMPLEMENTED A
COMPATIBLE NATIVE VERSION FOR MOZILLA 1.0 (AND
NETSCAPE 7).
• APPLE HAS DONE THE SAME STARTING WITH SAFARI 1.2.

4. COUNT..
APR 1, 2004 APRIL FOOL’S DAY
GOOGLE E-MAIL SERVICES
1GB STORAGE INCREDIBLE USER INTERFACES
AJAX: A NEW APPROACH TO WEB APPLICATIONS FEB 18, 2005 JESSE
JAMES GARRETT , ADAPTIVE PATH

5. DEFINING AJAX
• STANDARDS-BASED PRESENTATION USING
XHTML AND CSS DYNAMIC DISPLAY AND
INTERACTION USING THE DOCUMENT
OBJECT MODEL DATA INTERCHANGE AND
MANIPULATION USING XML AND XSLT
ASYNCHRONOUS DATA RETRIEVAL USING
XMLHTTPREQUEST AND JAVASCRIPT
BINDING EVERYTHING TOGETHER.

6. ( WHAT ) ?
• AJAX: ASYNCHRONOUS JAVASCRIPT AND XML
• AJAX USES A XML TO SEND AND RECEIVE ASYNCHRONOUS
REQUESTS/RESPONSES AND THEN LEVERAGES PRESENTATION
TECHNOLOGIES ( JAVASCRIPT , DOM, HTML, AND CSS) TO PROCESS
THE RESPONSE.
• MOST BROWSERS SUPPORT THE NECESSARY TECHNOLOGY FOR
AJAX.
• AJAX ENABLES YOU EXECUTE A SERVER-SIDE METHOD THROUGH
A JAVASCRIPT CALL, WITHOUT REQUIRING A BROWSER REFRESH.

7. HOW (HOW TO USE AJAX ) ?
• MODIFY WEB.CONFIG
• REGISTER THE WEB PAGE
• USE <AJAX.AJAXMETHOD()> ATTRIBUTE
• WRITE JAVASCRIPT TO HANDLE THE
RESPONSE.

8. HOW (HOW TO USE AJAX ) ?
DO NOT JUST TELL ME,
SHOW ME A DEMO!

9. WHO (WHO USE AJAX)?
• WINDOWS LIVE MAIL ( HTTP://WWW.HOTMAIL.COM )
• GOOGLE
GOOGLE MAIL ( HTTP://WWW.MAIL.GOOGLE.COM )
GOOGLE MAPS ( HTTP://WWW.MAPS.GOOGLE.COM )
GOOGLE SUGGESTS (
HTTP://WWW.GOOGLE.COM/WEBHP?COMPLETE=1&HL=EN )
• YAHOO! FLICKR ( HTTP://WWW.FLICKR.COM )
• MEEBO ( HTTP://WWW.MEEBO.COM )
• FACEBOOK ( HTTP://WWW.FACEBOOK.COM )
………WHO’S NEXT (YOU???)

11. WHY ( WHY TO USE AJAX ) ?
• FASTER WEB ACTIONS
• LESS (OR NO) PAGE REFRESHES
• REDUCE NETWORK TRAFFIC
• DECREASED SERVER-SIDE BANDWIDTH USAGE
• WEB APPS THAT RIVAL (OR SURPASS) INSTALLED
GUI APPS

12. WHY ( WHY NOT TO USE AJAX ) ?
• BYE BYE, BOOKMARKS!
• SEARCH ENGINES MAY NOT BE ABLE TO INDEX
ALL PAGES.
• INACCURATE BACK & FORWARD BUTTON
ACTIONS.
• JAVASCRIPT CAN BE EASILY DISABLED FROM
CLIENT SIDE.

13. SECURITY AT SERVER SIDE
• AJAX-BASED WEB APPLICATIONS USE THE SAME SERVER-SIDE
SECURITY SCHEMES OF REGULAR WEB APPLICATIONS.
• YOU SPECIFY AUTHENTICATION, AUTHORIZATION, AND DATA
PROTECTION REQUIREMENTS IN YOUR WEB.XML FILE (DECLARATIVE)
OR IN YOUR PROGRAM (PROGRAMMATIC).
• AJAX-BASED WEB APPLICATIONS ARE SUBJECT TO THE SAME
SECURITY THREATS AS REGULAR WEB APPLICATIONS.
ATTACKS
• SEE WHAT HE/SHE SEARCHED FOR
• READ EMAILS
• STEAL CREDIT CARD DETAILS THROUGH PAYPAL

14. SECURITY AT CLIENT SIDE
• HACKER CAN USE JAVASCRIPT CODE FOR INFERRING SERVER-SIDE
WEAKNESSES.
• JAVASCRIPT CODE IS DOWNLOADED FROM THE SERVER AND
EXECUTED AT THE CLIENT AND CAN COMPROMISE THE CLIENT BY
MAL-INTENDED CODE.
USEFUL TOOLS & DEFENSE
• NOSCRIPT – ACCEPT SCRIPTS ONLY FROM SITES YOU TRUST
• ALTCOOKIES – ACCEPT COOKIES ONLY FROM SITES YOU TRUST
• FIREBUG – DIG DEEPLY INTO HTML/JAVASCRIPT/CSS AND HTTP