Aditya K Sood

Job title:
Founder, SecNiche Security

Areas of expertise:
Penetration testing, reverse engineering, security research

Biography:
Aditya K Sood is a Sr. Security Researcher at Vulnerability Research Labs (VRL), COSEINC. He has been working in the security field for the past 7 years. He also runs an independent security research arena, SecNiche Security. He is an active speaker at security conferences and has already spoken at EuSecWest, Xcon, Troopers, Owasp, Xkungfoo, CERT-IN etc. He has written a number of whitepapers for Hakin9, Usenix, Elsevier and BCS. He has released a number of advisories to forefront companies. Besides his normal job routine he loves to do a lot of web-based research and design of cutting-edge attack vectors.


Web 2.0 – Truth and Lies in AJAX World

Web 2.0 has transformed the entire landscape of the internet.

In the AJAX world, most of the working functionality comes from efficient technical methods and deeply ingrained software dependencies. To dig down to the bottom of it, the differentiating aspects of this technology must be understood. A number of truths and lies circulate in this AJAX world. The basic and most influential points are listed below; they clarify the truths that prevail and the lies hidden inside this framework:

  • The specific difference between using an XHR request and an IFRAME request is that requests processed through an IFRAME are recorded in the browser's history, which does not happen with XHR.
  • XHR requests are irreversible in nature: if a user clicks the browser's forward button and jumps to the next page, then presses the back button, the user is not taken back to the previous page state controlled by AJAX. Rather, the user is taken to the page before the AJAX code ran. The situation is exactly the opposite with IFRAME tags.
  • AJAX implements the concept of Single Object Refreshing (SOR): an object component retrieves information from the server and tweaks the DOM without refreshing the whole page. As a result, a lot of processing power is used.
  • AJAX gives JavaScript an object-oriented stature rather than a procedural environment. Class libraries are defined to encapsulate object behavior; even strings are treated as objects with properties.
  • IFRAMEs never provide a graceful method for checking the state of a request. The IFRAME renders the response sent back from the server; if the response is HTML, the IFRAME must navigate the DOM to retrieve the results.
  • Asynchronous requests do not cause the browser to block on the request; the browser can continue to use other components of the web application. Using multiple asynchronous requests inherently requires a unique IFRAME for each request, which becomes hard to manage and adds complexity because of the frames embedded in the web pages.
  • If a page is loaded into a browser that does not support AJAX XHR requests, most remoting toolkits fall back to a hidden IFRAME to provide fake XHR support to the page.
  • Previously, the IFRAME, which is a normal HTML frame, was used to bring data back from the server.

Precisely, it is embedded in another HTML page to do this work.
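The following is an added example, not code from the original post: a minimal "remoting toolkit" of the kind the list describes, which prefers XMLHttpRequest and falls back to a hidden IFRAME when XHR is unavailable. The browser objects are passed in rather than taken from the global scope, so the same code runs in a browser or against the constructed fake browser at the bottom; that fake records which navigations land in session history and so makes the history difference between the two transports visible. All function names (chooseTransport, remoteGet, makeFakeBrowser, demo), the URL /api/item and the response text are assumptions made for this example.

```javascript
// Added example (not the post's code): XHR-first remoting with a hidden
// IFRAME fallback, plus a constructed fake browser so it runs under Node.

function chooseTransport(win) {
  // Toolkits probe for XMLHttpRequest and otherwise fall back to an IFRAME.
  return typeof win.XMLHttpRequest === 'function' ? 'xhr' : 'iframe';
}

// XHR path: asynchronous, state is observable through readyState, and the
// request leaves no entry in the browser's session history.
function requestViaXhr(win, url, onDone) {
  const xhr = new win.XMLHttpRequest();
  xhr.open('GET', url, true);
  xhr.onreadystatechange = function () {
    if (xhr.readyState === 4) {
      onDone({ transport: 'xhr', status: xhr.status, body: xhr.responseText });
    }
  };
  xhr.send(null);
  return xhr;
}

// IFRAME path: navigating the frame to `url` is a real navigation, so it is
// recorded in history, and the response is only reachable by walking the
// frame's DOM after load. No HTTP status code is exposed to the page.
function requestViaIframe(win, url, onDone) {
  const doc = win.document;
  const frame = doc.createElement('iframe');
  frame.style.display = 'none';
  frame.onload = function () {
    const body = frame.contentDocument ? frame.contentDocument.body.textContent : '';
    onDone({ transport: 'iframe', status: null, body });
  };
  doc.body.appendChild(frame);
  frame.src = url; // the navigation starts here
  return frame;
}

function remoteGet(win, url, onDone) {
  return chooseTransport(win) === 'xhr'
    ? requestViaXhr(win, url, onDone)
    : requestViaIframe(win, url, onDone);
}

// Constructed fake browser (hypothetical, for offline demonstration only).
// Responses are served synchronously from a fixed table; navigations of an
// IFRAME are appended to `history`, XHR calls are not.
function makeFakeBrowser(supportsXhr) {
  const history = [];                       // constructed stand-in for session history
  const pages = { '/api/item': 'item-42' }; // constructed server responses
  const win = { history, document: { body: { children: [] } } };
  win.document.createElement = function () {
    const frame = { style: {}, onload: null, contentDocument: null };
    Object.defineProperty(frame, 'src', {
      set(url) {
        history.push(url);                  // IFRAME navigation is recorded in history
        frame.contentDocument = { body: { textContent: pages[url] || '' } };
        if (frame.onload) frame.onload();
      }
    });
    return frame;
  };
  win.document.body.appendChild = function (el) { win.document.body.children.push(el); };
  if (supportsXhr) {
    win.XMLHttpRequest = function () {
      this.readyState = 0; this.status = 0; this.responseText = ''; this.url = '';
      this.open = function (method, url) { this.url = url; this.readyState = 1; };
      this.send = function () {
        this.status = this.url in pages ? 200 : 404;
        this.responseText = pages[this.url] || '';
        this.readyState = 4;                // completes without touching history
        if (this.onreadystatechange) this.onreadystatechange();
      };
    };
  }
  return win;
}

// Runs one request through whichever transport the fake browser supports and
// reports what the page saw and how many history entries were created.
function demo(supportsXhr) {
  const win = makeFakeBrowser(supportsXhr);
  let result = null;
  remoteGet(win, '/api/item', function (r) { result = r; });
  return { transport: result.transport, body: result.body, historyLength: win.history.length };
}

console.log(demo(true));  // XHR: no history entry
console.log(demo(false)); // IFRAME fallback: one history entry
```

Both calls return the same response body, but only the IFRAME path leaves a navigation in history and exposes the result solely through the frame's DOM, which is exactly the difference the first, second and fifth points above describe.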

Aditya K Sood

Posted 08/10/2009 by Aditya K Sood

Tagged under: AJAX , JSON , WEB 2.0
