• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

'Web Service and Security' in Ajax High Performance book

 
Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Authors,

I am getting a bit anxious and also quiet alot surprised to see 'Web Service and Security' chapter in an Ajax High Performance book.

I am serioulsy interested to know what all going into this chapter as I have been working in Web Service for past couple of years and would love to leverage it with Ajax programming.

Hope you could elaborate something for the relationship between Ajax and WebServices.

Regards,
Dinesh Sundrani
 
author
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Dinesh,

The link between Ajax and Web Services is an important one for people that are working behind the firewall and integrating with business systems that are already using Web Services - by which I primarily mean SOAP messaging rather than XMP-RPC or JSON based requests.

There are a few different options for integrating Ajax with SOAP based Web Services. There are browser specific solutions for dealing with SOAP messages in both Firefox and Internet Explorer, but the solution we recommend is the cross browser JavaScript SOAP toolkit from IBM. It makes dealing with SOAP fairly seamless.

Due to the same origin security policy of the web browser, XHR requests cannot be performed across domains. To get around this, script injection can be used to create mashups with services like Google Maps or JSONP and XMLP with either script injection or hidden IFrames can be used to access data across domains. The mashup approach is fairly safe. However, when you start requesting JSON or XML data across domains using script injection it can be a security problem since the HTTP headers of the web site user are sent along with any script request. To get around this, sites such as Google, will return any JSON data in comments such that it is not directly executable and can only be read by JavaScript that has requested it from the same domain using a proper XHR request.

I hope that helps!
 
Dinesh Sundrani
Ranch Hand
Posts: 78
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Dave, I'm pretty clear now!!

Regards,
Dinesh Sundrani
 
Let nothing stop you! Not even this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic