This means that each method must be manually exposed by a developer through
the use of the sajax_export() function. Because of this, it is also highly unlikely that a developer
would manually expose a sensitive method in a web application.
Unintended Method Exposure
There is no automatic countermeasure to unintended method exposure. After completing
an AJAX application, developers should always manually view their applications
through a web proxy tool such as WebScarab to see exactly what the application exposes
to clients.
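A source-side check can back up the manual proxy review described above by listing every name passed to sajax_export() and comparing it against the set the developer meant to expose. This is an added example, not code from the book or from Sajax; the sample PHP, the approved list and the helper names are constructed, and it assumes exports are made with string-literal arguments.

```python
import re

# Matches PHP string literals (kept) or comments (dropped), so a
# commented-out sajax_export() call is not reported as live.
TOKEN = re.compile(
    r'''("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')|/\*.*?\*/|//[^\n]*|#[^\n]*''',
    re.DOTALL)
EXPORT_CALL = re.compile(r'\bsajax_export\s*\(([^)]*)\)')
NAME_LITERAL = re.compile(r'''(["'])([A-Za-z_]\w*)\1''')

# Constructed sample input, not taken from any real application.
SAMPLE_PHP = """<?php
require("Sajax.php");
function add($a, $b) { return $a + $b; }
function reset_password($user) { /* privileged helper */ }
sajax_init();
sajax_export("add", "get_time");
// sajax_export("old_debug");
sajax_export('reset_password');
$url = "http://example.test/"; sajax_export($extra);
sajax_handle_client_request();
"""

def strip_comments(src):
    """Drop PHP comments while leaving string literals untouched."""
    return TOKEN.sub(lambda m: m.group(1) or "", src)

def exported_methods(php_source):
    """Return every name passed to sajax_export(), in source order."""
    names = []
    for call in EXPORT_CALL.finditer(strip_comments(php_source)):
        args = call.group(1)
        names.extend(m.group(2) for m in NAME_LITERAL.finditer(args))
        if re.search(r'\$\w+', args):
            # A variable argument cannot be resolved statically; flag it.
            names.append("<dynamic>")
    return names

def unintended_exports(php_source, approved):
    """Exports missing from the approved allow-list (hypothetical input)."""
    return [n for n in exported_methods(php_source) if n not in approved]

if __name__ == "__main__":
    for name in unintended_exports(SAMPLE_PHP, {"add", "get_time"}):
        print("review before release:", name)
```

Anything the script reports, including a `<dynamic>` entry, still needs to be confirmed against what the running application actually serves through the proxy.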
DOJO TOOLKIT
The Dojo Toolkit (http://dojotoolkit.org/) is a client framework that aids in the development
of AJAX web applications. Dojo offers several features to simplify development
of an AJAX application, such as comprehensive widgets and effects libraries.
Chapter 7: AJAX Framework Exposures 187
Additionally, Dojo allows developers to include only the sections of the Dojo APIs that are
used by their application. This is done to address concerns developers often have with the
growing size of JavaScript that AJAX applications need to send to users for the application
to function. As with Prototype and other AJAX client frameworks, Dojo is solely a
client-side library of JavaScript files and thus can work with any server-side technology
in which a web application is written, such as PHP or Java.