CERIAS has strong and wrong opinions about Ajax

AJAX applications will remain unworthy of serious business (at least for risk-conscious people).

This is quite a bold statement, especially considering the source: The Center for Education and Research in Information Assurance and Security (CERIAS), a prestigious academic institution. The author is Pascal Meunier, whose current hobby is fighting all client-side scripting technologies, especially AJAX.

CERIAS certainly has some excellent thinkers when it comes to security, but in this case we respectfully disagree. Yes, there are security problems with browsers and web applications, but there are security problems with regular client software too. This fact has never prevented anybody (especially risk-conscious people) from evaluating all the available solutions and selecting the ones with the better security architecture.

In his blog post, Professor Meunier says there is a problem with the “same origin policy” and shared servers, and he proves it by adding some nasty links from his Purdue homepage to the homepage of a colleague. True, but I cannot see how this could affect the happy users of so many well-designed web 2.0 applications. Then he points out that browsers can be made unusable by visiting pages with malicious JavaScript. But this is an old story: do you remember the funny sites with never-ending loops of dialog boxes? Then he moves on to analyze other vulnerabilities, but again I could see only a very weak relation to the present web 2.0 environment.

I can’t tell if these “Ajax horror stories” are episodic or endemic, but I believe that serious Ajax developers won’t cause any more harm than those working with a different software paradigm.

Gmail, the poster child of Ajax applications, is perfect for serious businesses. Combine it with Freenigma and you realize the security dream of any sysadmin: a robust mail service accessible from the Internet, with a very good spam filter, strong encryption and generous mailboxes. And please note that without the revolutionary Ajax interface there would be no chance to win user acceptance and the dream would vanish!

(Very good products like IMP and SquirrelMail never took off because corporate employees were reluctant to abandon the sleek and fast interface of traditional mail clients such as Outlook.)
