
WHAT IS AJAX?

JavaScript, the programming language that runs in the browser, has been familiar to the web world ever since Netscape invented it. Advances in technology and rising user expectations pushed developers to create another technique that could handle more complex tasks. In February 2005 the term Ajax began to spread across the Internet as a new technique for web applications. The resounding success and unusual appeal of Gmail, Google Suggest and Google Maps drew particular attention to Ajax.

Most accounts of the origin of AJAX start with Microsoft's development of Remote Scripting technology in 1998. However, asynchronous loading of content on a web page had already appeared in the IFRAME element of Internet Explorer 3 (1996) and the LAYER element of Netscape 4.0 in 1997. When it introduced Internet Explorer 4.0, Microsoft used a different Document Object Model (DOM). By 2000 Netscape had completely lost the browser market to Bill Gates's software company, and web developers no longer paid attention to the LAYER element. Only several years later did AJAX again attract the interest of the technology community and become a tool for improving the user interface of web applications. The term itself appeared only a year ago (February 2005) in the well-known article by Jesse James Garrett on the Adaptive Path site. Since then AJAX has been at the centre of every discussion about the Web 2.0 generation.

Ajax stands for Asynchronous JavaScript and XML, a technique that combines two powerful JavaScript features that developers value highly:
o Sending a request to the server without reloading the page
o Parsing and working with XML

Ajax applications revolve around a feature called XMLHttpRequest. Engineers on the Mozilla project began supporting this feature in Mozilla 1.0 (and Netscape 7). Apple has implemented a similar feature since Safari 1.2.

Ajax is a combination of several technologies that have recently attracted industry interest. They are:
o Web page presentation based on XHTML and CSS, W3C standards that are well supported by Firefox (Mozilla), Safari (Apple), Opera and Netscape 8.0 (Firefox core);
o Dynamic display and interaction using the Document Object Model, a W3C standard;
o Data interchange and manipulation using XML and XSLT, W3C standards;
o Asynchronous data retrieval using XMLHttpRequest;
o JavaScript to bind everything together. JavaScript here means ECMAScript, the ECMA standard, not Microsoft's JScript.

How does AJAX work?

People have long imagined that computer applications would one day be stored and run entirely on the web instead of being tied to the hard disk. That prospect has not yet materialised, because web applications are constrained by the principle that every operation must go through HTTP (HyperText Transfer Protocol). A user's actions on a web page generate an HTTP request to the server. The server does some processing, such as retrieving data, performing calculations, validating the information and modifying memory, and then sends a complete HTML page back to the client. Technically this sounds reasonable, but it is inconvenient and time-consuming: while the server is doing its work, what does the user do? Wait, of course.

To overcome this limitation, developers introduced an intermediary, the AJAX processing mechanism, between client and server. Ajax makes it possible to place an Ajax Engine in the middle of this communication. This is like adding a middle layer to the application to reduce the back-and-forth of information and shorten response time. Requests are then sent, and responses received, by the Ajax Engine. Instead of returning data to the browser directly as HTML and CSS, the web server can return data as XML; the Ajax Engine receives it, parses it and converts it into XHTML+CSS for the browser to display. Because this is done on the client, the load on the server drops considerably, and the user sees results displayed instantly without a page reload.

In addition, combining web technologies such as CSS and XHTML makes page presentation much better and significantly reduces the amount of page data that must be loaded. Instead of reloading (refreshing) a whole page, only the information that changed is loaded and the rest is left as it is. As a result, when browsing a page that supports AJAX, the user never sees a blank window and the hourglass icon, the signs that the server is doing its work. For example, on a photo website built as a traditional application, the whole page containing the photos has to be reopened from scratch if anything on the page changes. With AJAX, DHTML replaces only the caption and the part that was just edited, which makes transactions smooth and fast.

"Every user action sends a JavaScript command to the AJAX processor instead of creating an HTTP request and querying the server", Jesse James Garrett wrote in the first article to define the term. "If something is needed from the server, such as downloading additional interface code or receiving new data, AJAX passes the request to the server asynchronously, usually using XML, without interrupting the user's interaction with the web application". The asynchronous nature of Ajax applications is shown in the figure below.

Disadvantages of AJAX

AJAX can help create a new generation of web applications (such as colr.org or backpackit.com). However, it is also a "dangerous" technology that causes a fair number of user-interface problems. For example, the "Back" button (return to the previous page) is highly valued in a standard website interface. Unfortunately, this function does not work well with JavaScript, and people cannot get back to the previous content by pressing Back. A small slip is therefore enough for data on the page to be changed in a way that is hard to undo. This is one of the main reasons many people do not favour JavaScript applications.

People also cannot save the web address to their Favorites (Bookmarks) to view it again later. Because an intermediary layer handles the transactions, AJAX applications do not have a fixed address for each piece of content. This shortcoming easily costs AJAX points in users' eyes.

Browsers that support AJAX must be new, modern browsers such as Microsoft Internet Explorer 5.0 or later; Gecko-based browsers such as Mozilla, Firefox, SeaMonkey, Epiphany, Galeon and Netscape 7.1; and browsers with KHTML API 3.2 or later such as Konqueror and Apple Safari...

Web sites that use AJAX:

Google Maps

[Figure: Client MAP interface, Google Map Server, OGC WFS Feature Data Server]

The revival of Ajax in recent months is due in part to Google's innovative applications in building online maps. Previously, maps were usually static: the viewer clicked the left arrow and waited a few seconds for the page to load content and shift the image to the left. The process was repeated over and over, slowly, and annoyed many people. With Google Maps, users can drag the map in any direction, see a new area quickly, and zoom in and out easily by dragging the Ajax slider.

Another example is web mail. After reading a message, the customer clicks a button in the interface to delete it. The remote mail server receives the command and responds with a new page that omits the deleted parts. Yahoo is testing a new interface that uses Ajax technology. When you delete an item, Ajax reconfigures the page immediately without waiting for a response. Moreover, when an old message is opened, the browser displays only the content, because the user already knows the subject line and does not need to waste time waiting for that data to download again.

The world's largest online service company is also building an Ajax tool that can quickly update information when customers choose an airport, flight, time... AOL, the parent of CNN.com, began using Ajax last summer, allowing customers to rearrange, select for display and switch photo albums with just a few mouse clicks. Last week MarketWatch (US) decided to offer a news service that includes stock quotes updated continuously every second, flashing green and red as prices fluctuate.

Microsoft has also applied Ajax in an update to Hotmail and is building a new program to support Ajax development. The alternative technology XAML will allow richer applications to run in the browser. Unlike Ajax, however, it runs only on Windows computers.

Even so, Ajax cannot yet do everything. Applications that depend heavily on the local machine, such as Adobe's Photoshop, will not appear in the browser soon. Even Google had to create a desktop program (Google Earth) and require users to download it in order to display 3D imagery and provide some other advanced features. Furthermore, web applications require a continuous Internet connection, so work done in them becomes difficult if the connection is interrupted.

Security in Ajax

AJAX technology conceals serious vulnerabilities

The growing number of AJAX applications means that businesses and users face new security risks. Developers, however, do not seem to be fully aware of this danger. Attacking an application through the web layer is usually much easier than trying to break through a firewall or find a way around intrusion prevention systems, according to Billy Hoffman, lead researcher at the security company Spi Dynamics (US).

For users, AJAX is a programming method that makes websites faster and more interactive. Google has introduced an AJAX tool that lets users integrate search results directly into their own web pages. Other popular AJAX applications are the photo-sharing site Flickr and the news site Digg. However, Yahoo's e-mail service, which supports this combination of technologies, suffered a serious security flaw last summer. An attacker spread a message containing malicious code that accessed the victim's e-mail, downloaded the address list and sent spam from the compromised account itself. This kind of threat is also called XSS (cross-site scripting) because it can extend to several other services.

XSS is rapidly becoming the most common form of online attack among hackers. Salesforce.com, PayPal and Google have all had to fix XSS security flaws in their software. Meanwhile, web developers often pay no attention to securing their code because they are usually graphic designers, while the software specialists who write code for the web tend to be complacent. Moreover, a great many AJAX tutorials are full of basic errors that web developers are unaware of.

Some of the security issues are listed below:

* Client-side security controls: Some may argue that dependence on client-side programming opens up the possibility of several problems. One of them is developers implementing security ineffectively through client-side controls. Ajax makes considerable use of client-side scripting. Developers now have to write both server-side and client-side code, which can draw them towards implementing security controls on the client. The client side is clearly not secure, because attackers can modify any code running on their own client computer. Security controls must therefore also be implemented on the server, or always be enforced on the server.

* Increased attack surface: A second challenge is the difficulty of protecting the increased attack surface. Ajax certainly increases the complexity of the whole system. In the course of adopting Ajax, developers may write a large number of server-side pages, each performing a few small functions within the larger application. Each of these small pages is an additional target for attackers, and so one more point that must be secured to ensure no new vulnerability is introduced. This is similar to the well-known security concept of the entrances to a house: the difficulty lies in securing a house with one door compared with one that has 10 doors.

* The gap bridged between users and services: Ajax is a method of giving users friendlier interfaces through its direct service architecture. Loosening the coupling of server-based architectures is a promising idea with many benefits, especially in business environments. As more of these endpoints are developed, and as Ajax introduces the ability to push more sophisticated processing to the user, the prospect of moving away from the three-tier model arises. In general, many web services inside business systems (as opposed to the Internet as a whole) were designed for B2B (Business to Business), and for that reason designers and developers usually did not expect interaction with actual users. This lack of foresight led to a series of poor security assumptions throughout the design process.
For example, the original designers assumed that authentication, authorization and input validation would be performed by the middle-tier systems. Once outsiders are allowed to call these services directly through Ajax, an unexpected agent has been introduced into the picture. A real-life example is the consistent push from Microsoft to use Atlas hand-in-hand with web services. Developers can now write JavaScript to create XML input and call the web service directly from within the client's browser. In the past this was done through service proxies on the server.

* Information leakage: The JavaScript in an Ajax application captures the user's requests and makes function calls to the server as text. Examples of user requests:
Return the price of the product with ID 24
Return the cities in the requested state
Update the user's age in the database

These function calls show how information is sent for each user request. This information, sent as text, is the main place for an attacker to get inside the application. From this vantage point the attacker obtains function names, variable names, function parameters, return types, data types and valid data ranges. The following figure shows an attacker digging inside a web application that uses Ajax.
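The server-side enforcement called for under client-side security controls, applied to the three example requests listed above, as an added example that is not code from the original page. The call names, the session shape and the in-memory data are assumptions.

```javascript
// Added example: every check is repeated on the server, whatever the
// client-side script did. Call names and data below are constructed.
const PRICES = new Map([[24, 19.99]]);
const CITIES = new Map([["CA", ["Fresno", "San Diego"]]]);
const USERS = new Map([[7, { age: 30 }]]);

// Accept only a strictly positive decimal integer; reject anything else.
function toId(value) {
  return /^[1-9][0-9]{0,8}$/.test(String(value)) ? Number(value) : null;
}

// One generic failure body, so error responses do not reveal function
// names, parameter types or valid ranges to someone probing the endpoint.
const deny = (status) => ({ status, body: { error: "request rejected" } });

function handleAjax(session, call, params) {
  // Authentication is checked here, not assumed from a middle tier.
  if (!session || toId(session.userId) === null) return deny(401);
  if (params === null || typeof params !== "object") return deny(400);

  switch (call) {
    case "getPrice": {
      const id = toId(params.productId);
      if (id === null || !PRICES.has(id)) return deny(400);
      return { status: 200, body: { price: PRICES.get(id) } };
    }
    case "getCities": {
      const state = String(params.state);
      if (!/^[A-Z]{2}$/.test(state) || !CITIES.has(state)) return deny(400);
      return { status: 200, body: { cities: CITIES.get(state) } };
    }
    case "updateAge": {
      const userId = toId(params.userId);
      const age = toId(params.age);
      if (userId === null || age === null || age > 130) return deny(400);
      // Authorization: users may change only their own record, whatever
      // user id the script in the browser put into the request.
      if (userId !== session.userId || !USERS.has(userId)) return deny(403);
      USERS.get(userId).age = age;
      return { status: 200, body: { age } };
    }
    default:
      return deny(400); // unknown call names get the same generic answer
  }
}
```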

Request repudiation and cross-site scripting

Requests from the browser and requests from the Ajax engine look the same. The server cannot distinguish a request made by JavaScript from a request made in response to a user action. This means it is very hard for an individual to prove that they performed a given action. It also means that JavaScript can request resources using Ajax, running only in the background, without the user being aware of it. The browser automatically adds the necessary authentication or state-keeping information, such as cookies, to the request. The JavaScript code can then access the response to this hidden request and send further requests. This expansion of JavaScript's capabilities increases the damage that XSS (cross-site scripting) attacks can do.

XSS is the injection of code such as JavaScript or VBScript into a page that is returned to the user's browser. The code is then executed from the user's browser, exposing the user to many kinds of attack such as cookie theft, password theft, defacement, and denial-of-service (DoS) attacks.

In addition, there are several other security issues related to Web applications that use AJAX: Ajax amplifies XSS attacks, XSS coordination and propagation, Ajax hype,
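Because the cookie is attached automatically, the server needs a second signal to separate a request sent by the application's own script from one forged by another site. The check below is an added example, not code from the original page; the header name, the allowed origin and the session shape are assumptions, and the session token is assumed to come from a CSPRNG at login.

```javascript
// Added example: verifying that a state-changing Ajax request came from
// the application's own pages. Names and values here are assumptions.
const ALLOWED_ORIGINS = new Set(["https://app.example"]); // placeholder origin
const STATE_CHANGING = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Compare without an early exit so timing does not leak a matching prefix.
// Node's crypto.timingSafeEqual does the same job; written out here to
// keep the example dependency-free.
function sameToken(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  if (a.length !== b.length || a.length < 32) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req: { method, headers: { lower-case name: value } }
// session: { csrfToken } looked up from the session cookie, or null
function checkAjaxRequest(req, session) {
  if (!STATE_CHANGING.has(req.method)) return { ok: true, reason: "safe method" };
  if (!session) return { ok: false, reason: "no session" };

  // The cookie shows only that this browser holds a session; it says
  // nothing about which page caused the request to be sent.
  const origin = req.headers["origin"];
  if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) {
    return { ok: false, reason: "cross-site origin" };
  }
  // A page on another site cannot read the token, and cannot set a custom
  // header without a CORS preflight, so only same-site script passes.
  if (!sameToken(req.headers["x-csrf-token"], session.csrfToken)) {
    return { ok: false, reason: "missing or wrong token" };
  }
  return { ok: true, reason: "token verified" };
}
```

This stops requests forged from other sites only: a script injected through XSS runs inside the application's own origin and can read the token, so output encoding of everything written into the page is still required.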