Brent Ashley explains the problem and possible solutions for secure AJAX mashups (via Ajaxian). It has come at the right time, when developers are reporting AJAX vulnerabilities.
The inherent conflict arises because we are using today’s tools in an unintended way, which springs surprises, especially when we least expect them. However much we try to tweak, we end up having to compromise on some aspect. I like the way in which Brent brings in security and scalability. In fact, Shelley Powers has a good quote on her blog regarding this:
An application can be mashup-friendly or it can be secure, but it cannot be both.
Brent lists a lot of resources in this excellent article. All the current efforts have been isolated, made by one organization or individual. In my opinion, we need a more institutionalized approach. Rather than trying to work around the current tools and techniques, it will be beneficial if we design new ones or redesign the old ones with the purpose of supporting asynchronous data retrieval from multiple sources. Of course, some might feel this will be an overhaul, but it is worth it if mashups provide us value.

