Ajax isn’t a technology. It’s really several technologies, each flourishing in its own right, coming together in powerful new ways. Ajax incorporates:
- standards-based presentation using XHTML and CSS;
- dynamic display and interaction using the Document Object Model;
- data interchange and manipulation using XML and XSLT;
- asynchronous data retrieval using XMLHttpRequest;
“Ajax” enabling also leads to possible security issues as the new “Ajax enabled” pages will require a number of public accessible webservices to be written, these services may already exist and be being used by the current technology, for example PHP, ASP or Java , that is generating the plain XHTML+CSS pages. At present these webservices exist in a protected network zone and so may not have been written in as secure a manner – these services will now need reviewing for security problems and also the possibility that advanced users may try and access them directly to build there own pages – it is likely that direct access to the webservices is not expected and as such it may be wise to lock them down.