This is from a talk I gave at Stockholm's first Web Monday, last week.
In it, I try to describe the benefits of putting the client on the client and reducing complexity on the server.
The highlights are, as always, to try to make things as simple as possible, but no simpler :)
Cheers,
PS
In it, I try to describe the benefits of putting the client on the client and reducing complexity on the server.
The highlights are, as always, to try to make things as simple as possible, but no simpler :)
Cheers,
PS
Comments
And also data fed to the client can be exploited, somebody can request the XML or JSON or whatever and use that information directly.
Of course there are advantes and disadvantages with each way of doing things.
Also, if you're referring to the JSON cross-domain exploit it is only usable if you're using unshielded JSON, which now even Google has solved :)
There is no disadvantage doing it my way :)
The whole TSA/SOFEA idea (expropriating my colleague Ganesh's much more beautiful idea with excuses) can be reduced to putting the client in the browser and not generate the view on the server.
Anything beside that (in my opinion, and again, one might be very much stricter here) is up for grabs.
Cheers,
PS
"Furthermore, reflecting on the way most of sites still work and the AJAX advances, I wonder why we still use this absolutely non-sense model of having a pretty stupid browser doing almost nothing in a powerful idle PC or laptop, while a huge burden is imposed on web servers, which in many (most of) cases aren't that powerful as Amazon's, Google's or Microsoft's web farms, and always are a bottleneck."
You can see a complete example of yr approach at yes4best.com ( still early beta ). Fast, $100/mth hosting at Mosso ...
https://docs.google.com/presentation/pub?id=1A6Lm1I4nGE37DNrLeTxjh60Klc0dViFQPEDkVE3NSmE&start=false&loop=false&delayms=3000