Klaus Kaempf wrote:
* Lukas Ocilka <lukas.ocilka@suse.cz> [Apr 27. 2007 10:06]:
- It's true that AJAX can help create a very cool-looking web interface, but consider the high price we would have to pay: AJAX is very insecure and very unreliable when used for development by non-super-web-hackers.
OTOH, a lot of internet sites deployed solutions including AJAX technology quite successfully.
And I would bet that they can be hacked through it -- This might start a flame-war ;) :)
Some links:
We could also post some links why internet, kernel, life, whatever is extremely risky ;-)
Security threats exist everywhere. But we should not limit our thinking by such doubts in the first place.
I didn't want to say: Hey, life is risky, don't try that at home ;) My intention was: Hey, there is a security risk, so if you want to create something using AJAX, think twice (or rather more). Comparing to Internet, life, and everything: Some hobbies are just more risky than other ones. Mountain climbing is more risky than collecting post-stamps, even if you can passionately argue which stamp is nicer. More development possibilities == more security risks you have to care about.
- AJAX also causes quite high network traffic and quite high server load
Ajax done right causes the opposite, since it only transfers what's really needed and not the whole dialog.
It depends on the load on the server and the distance between the client and the server. In some cases, a working solution would block work using a slower connection.
- Consider the fact that we need, at least, some part of the web-server running with root privileges. That's what actually all clever web-administrators refuse to do ;)
And they're right in doing so. Requiring the web server running as root is broken design.
Yes, nobody needs to run the server as 'root', but you still somehow need to authenticate and get 'some' higher rights in 'some' layer to change the system, otherwise you couldn't do anything (again, flame war, $everything is possible).

Anyway, again, I don't want to argue. Web or web-interface is a nice idea; however, there are many ways how to do it and also how NOT to do it. I will not laugh at anybody who tries AJAX+Ruby instead of YaST ;)

L.

--
Lukas Ocilka, YaST Developer (xn--luk-gla45d)
-----------------------------------------------------------------
SUSE LINUX, s. r. o., Lihovarska 1060/12, Praha 9, Czech Republic