Friday, July 27, 2018

How We can Secure Protect our websites from Hackers ...


  • Image result for secure web pic






9 security tips to protect your website from hackers

You may not think your site has anything worth being hacked for, but websites are compromised all the time. The majority of website security breaches are not to steal your data or mess with your website layout, but instead attempts to use your server as an email relay for spam, or to set up a temporary web server, normally to serve files of an illegal nature. Other very common ways to abuse compromised machines include using your servers as part of a botnet, or to mine for Bitcoins. You could even be hit by ransomware. 
Hacking is regularly performed by automated scripts written to scour the internet in an attempt to exploit known website security issues in software. Here are our top nine tips to help keep you and your site safe online.

01. Keep software up to date

It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. This applies to both the server operating system and any software you may be running on your website such as a CMS or forum. When website security holes are found in software, hackers are quick to attempt to abuse them.
If you are using a managed hosting solution then you don't need to worry so much about applying security updates for the operating system as the hosting company should take care of this.
If you are using third-party software on your website such as a CMS or forum, you should ensure you are quick to apply any security patches. Most vendors have a mailing list or RSS feed detailing any website security issues. WordPress, Umbraco and many other CMSes notify you of available system updates when you log in.
Many developers use tools like Composer, npm, or RubyGems to manage their software dependencies, and security vulnerabilities appearing in a package you depend on but aren't paying any attention to is one of the easiest ways to get caught out. Ensure you keep your dependencies up to date, and use tools like Gemnasium to get automatic notifications when a vulnerability is announced in one of your components.

02. Watch out for SQL injection

SQL injection attacks are when an attacker uses a web form field or URL parameter to gain access to or manipulate your database. When you use standard Transact SQL it is easy to unknowingly insert rogue code into your query that could be used to change tables, get information and delete data. You can easily prevent this by always using parameterised queries, most web languages have this feature and it is easy to implement.
Consider this query:
"SELECT * FROM table WHERE column = '" + parameter + "';"
If an attacker changed the URL parameter to pass in ' or '1'='1 this will cause the query to look like this:
"SELECT * FROM table WHERE column = '' OR '1'='1';"
Since '1' is equal to '1' this will allow the attacker to add an additional query to the end of the SQL statement which will also be executed.
You could fix this query by explicitly parameterising it. For example, if you're using MySQLi in PHP this should become:
$stmt = $pdo->prepare('SELECT * FROM table WHERE column = :value');
$stmt->execute(array('value' => $parameter));

03. Protect against XSS attacks

Cross-site scripting (XSS) attacks inject malicious JavaScript into your pages, which then runs in the browsers of your users, and can change page content, or steal information to send back to the attacker. For example, if you show comments on a page without validation, then an attacker might submit comments containing script tags and JavaScript, which could run in every other user's browser and steal their login cookie, allowing the attack to take control of the account of every user who viewed the comment. You need to ensure that users cannot inject active JavaScript content into your pages.
This is a particular concern in modern web applications, where pages are now built primarily from user content, and which in many cases generate HTML that's then also interpreted by front-end frameworks like Angular and Ember. These frameworks provide many XSS protections, but mixing server and client rendering creates new and more complicated attack avenues too: not only is injecting JavaScript into the HTML effective, but you can also inject content that will run code by inserting Angular directives, or using Ember helpers.
The key here is to focus on how your user-generated content could escape the bounds you expect and be interpreted by the browser as something other that what you intended. This is similar to defending against SQL injection. When dynamically generating HTML, use functions that explicitly make the changes you're looking for (e.g. use element.setAttribute and element.textContent, which will be automatically escaped by the browser, rather than setting element.innerHTML by hand), or use functions in your templating tool that automatically do appropriate escaping, rather than concatenating strings or setting raw HTML content.
Another powerful tool in the XSS defender's toolbox is Content Security Policy (CSP). CSP is a header your server can return which tells the browser to limit how and what JavaScript is executed in the page, for example to disallow running of any scripts not hosted on your domain, disallow inline JavaScript, or disable eval(). Mozilla has an excellent guide with some example configurations. This makes it harder for an attacker's scripts to work, even if they can get them into your page.




04. Beware of error messages

Be careful with how much information you give away in your error messages. Provide only minimal errors to your users, to ensure they don't leak secrets present on your server (e.g. API keys or database passwords). Don't provide full exception details either, as these can make complex attacks like SQL injection far easier. Keep detailed errors in your server logs, and show users only the information they need.

05. Validate on both sides

Validation should always be done both on the browser and server side. The browser can catch simple failures like mandatory fields that are empty and when you enter text into a numbers only field. These can however be bypassed, and you should make sure you check for these validation and deeper validation server side as failing to do so could lead to malicious code or scripting code being inserted into the database or could cause undesirable results in your website.

06. Check your passwords

Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords to your server and website admin area, but equally also important to insist on good password practices for your users to protect the security of their accounts.
As much as users may not like it, enforcing password requirements such as a minimum of around eight characters, including an uppercase letter and number will help to protect their information in the long run.
Passwords should always be stored as encrypted values, preferably using a one way hashing algorithm such as SHA. Using this method means when you are authenticating users you are only ever comparing encrypted values. For extra website security it is a good idea to salt the passwords, using a new salt per password.
In the event of someone hacking in and stealing your passwords, using hashed passwords could help damage limitation, as decrypting them is not possible. The best someone can do is a dictionary attack or brute force attack, essentially guessing every combination until it finds a match. When using salted passwords, the process of cracking a large number of passwords is even slower as every guess has to be hashed separately for every salt + password which is computationally very expensive.
Thankfully, many CMSes provide user management out of the box with a lot of these website security features built in, although some configuration or extra modules might be required to use salted passwords (pre Drupal 7) or to set the minimum password strength. If you are using .NET then it's worth using membership providers as they are very configurable, provide inbuilt website security and include readymade controls for login and password reset.

07. Avoid file uploads

Allowing users to upload files to your website can be a big website security risk, even if it’s simply to change their avatar. The risk is that any file uploaded, however innocent it may look, could contain a script that when executed on your server, completely opens up your website.
If you have a file upload form then you need to treat all files with great suspicion. If you are allowing users to upload images, you cannot rely on the file extension or the mime type to verify that the file is an image as these can easily be faked. Even opening the file and reading the header, or using functions to check the image size are not foolproof. Most images formats allow storing a comment section that could contain PHP code that could be executed by the server.
So what can you do to prevent this? Ultimately you want to stop users from being able to execute any file they upload. By default web servers won't attempt to execute files with image extensions, but don't rely solely on checking the file extension as a file with the name image.jpg.php has been known to get through.
Some options are to rename the file on upload to ensure the correct file extension, or to change the file permissions, for example, chmod 0666 so it can't be executed. If using *nix, you could create a .htaccess file (see below) that will only allow access to set files preventing the double extension attack mentioned earlier.
deny from all
    <Files ~ "^\w+\.(gif|jpe?g|png)$">
    order deny,allow
    allow from all
    </Files>
Ultimately, the recommended solution is to prevent direct access to uploaded files altogether. This way, any files uploaded to your website are stored in a folder outside of the webroot or in the database as a blob. If your files are not directly accessible you will need to create a script to fetch the files from the private folder (or an HTTP handler in .NET) and deliver them to the browser. Image tags support an src attribute that is not a direct URL to an image, so your src attribute can point to your file delivery script providing you set the correct content type in the HTTP header. For example:
<img src="/imageDelivery.php?id=1234" />
     
<?php
      // imageDelivery.php
     
      // Fetch image filename from database based on $_GET["id"]
      ...
     
      // Deliver image to browser
       Header('Content-Type: image/gif');
      readfile('images/'.$fileName);  
     
?>
Most hosting providers deal with the server configuration for you, but if you are hosting your website on your own server then there are few things you will want to check.
Ensure you have a firewall setup, and are blocking all non essential ports. If possible setting up a DMZ (Demilitarised Zone) only allowing access to port 80 and 443 from the outside world. Although this might not be possible if you don't have access to your server from an internal network as you would need to open up ports to allow uploading files and to remotely log in to your server over SSH or RDP.
If you are allowing files to be uploaded from the Internet only use secure transport methods to your server such as SFTP or SSH.
If possible have your database running on a different server to that of your web server. Doing this means the database server cannot be accessed directly from the outside world, only your web server can access it, minimising the risk of your data being exposed.
Finally, don't forget about restricting physical access to your server.

08. Use HTTPS

HTTPS is a protocol used to provide security over the Internet. HTTPS guarantees  that users are talking to the server they expect, and that nobody else can intercept or change the content they're seeing in transit.
If you have anything that your users might want private, it's highly advisable to use only HTTPS to deliver it. That of course means credit card and login pages (and the URLs they submit to) but typically far more of your site too. A login form will often set a cookie for example, which is sent with every other request to your site that a logged-in user makes, and is used to authenticate those requests. An attacker stealing this would be able to perfectly imitate a user and take over their login session. To defeat these kind of attacks, you almost always want to use HTTPS for your entire site.
That's no longer as tricky or expensive as it once was. Let's Encrypt provides totally free and automated certificates, which you'll need to enable HTTPS, and there are existing community tools available for a wide range of common platforms and frameworks to automatically set this up for you.
Notably Google have announced that they will boost you up in the search rankings if you use HTTPS, giving this an SEO benefit too. Insecure HTTP is on its way out, and now's the time to upgrade.
Already using HTTPS everywhere? Go further and look at setting up HTTP Strict Transport Security (HSTS), an easy header you can add to your server responses to disallow insecure HTTP for your entire domain.

09. Get website security tools

Once you think you have done all you can then it's time to test your website security. The most effective way of doing this is via the use of some website security tools, often referred to as penetration testing or pen testing for short.
There are many commercial and free products to assist you with this. They work on a similar basis to scripts hackers in that they test all know exploits and attempt to compromise your site using some of the previous mentioned methods such as SQL Injection.
Some free tools that are worth looking at:
  • Netsparker (Free community edition and trial version available). Good for testing SQL injection and XSS
  • OpenVAS Claims to be the most advanced open source security scanner. Good for testing known vulnerabilities, currently scans over 25,000. But it can be difficult to setup and requires a OpenVAS server to be installed which only runs on *nix. OpenVAS is fork of a Nessus before it became a closed-source commercial product.
  • SecurityHeaders.io (free online check). A tool to quickly report which security headers mentioned above (such as CSP and HSTS) a domain has enabled and correctly configured.
  • Xenotix XSS Exploit Framework A tool from OWASP (Open Web Application Security Project) that includes a huge selection of XSS attack examples, which you can run to quickly confirm whether your site's inputs are vulnerable in Chrome, Firefox and IE.
The results from automated tests can be daunting, as they present a wealth of potential issues. The important thing is to focus on the critical issues first. Each issue reported normally comes with a good explanation of the potential vulnerability. You will probably find that some of the medium/low issues aren't a concern for your site.
There are some further steps you can take to manually try to compromise your site by altering POST/GET values. A debugging proxy can assist you here as it allows you to intercept the values of an HTTP request between your browser and the server. A popular freeware application called Fiddler is a good starting point.
So what should you be trying to alter on the request? If you have pages which should only be visible to a logged in user then try changing URL parameters such as user id, or cookie values in an attempt to view details of another user. Another area worth testing are forms, changing the POST values to attempt to submit code to perform XSS or uploading a server side script.

-----------------------------------------------------------------------------------------------------------------------

Thursday, July 26, 2018

Civil Interview Questions updated on Jul 2018


Image result for interview image         


  • Civil interview questions and Answers


How do you measure concrete? 
Cubic feet, Cubic yards, Cubic Meter


Which is stronger solid steel rod or hollow steel pipe?
On a per pound basis, steel pipe is stronger in bending and is less likely to buckle in axial compression.

What is the tallest man made structure in the world?
The tallest man made structure is the KVLY-TV mast which is 2063 feet tall. The worlds tallest man made structure is Burj Dubai which is 800 meter tall.

What is braced excavation all about?
Excavations are braced to prevent the cave-in of surrounding unstable soil.

What is the meaning of soil reinforcement?
Soil reinforcement is the act of improving soil strength to enable it support or carry more load.

Two common examples are:

a) Mixing a soil amendment such as lime into weak clayey soil and re-comPActing to improve soil-bearing caPAcity (often done under the road base in highway construction)

b) Installing plastic or composite webbing layers (called geo-grid material) alternating with comPActed soil to produce a stronger sloped soil structure (often done on steep roadway embankments to improve strength and stability)

What is aggregate?
Aggregate is the component of a composite material used to resist compressive stress.

What year was the keystone power plant in Indiana County constructed?
1967 began commercial operation on unit 1.

What is the force exerted by the Tacoma narrows bridge?
The force exerted to the Tacoma narrows bridge was initially the wind resistance. The wind resistance caused the whole bridge to act as a system with forced vibration with damping.

What are the uses of alloys in daily life and how are alloys made?
Alloying is not always done to produce a 'superior' material, but to produce materials having a desired requirement in the industry or elsewhere. A classic case is of lead solder (containing lead & tin), in which the melting point of the constituent elements are lowered, not necessarily a desirable property.

Alloying can be carried out using hot press method (a sheet of material is sandwiched with alloying material), rolling the heated base metal in a drum full of alloying metal powder, using hot spraying, galvanizing (dipping the base in a molten solution of alloying material) etc. Sometimes the alloying material is added in small proportions to the molten base metal (e.g., in production of different types of steel).

10 What is the worlds largest concrete dam?
The Grand Coulee Dam is said to be the largest concrete dam. Currently the world's largest concrete dam is the Itaipu Dam, an accomplishment of two neighboring countries, Brazil and Paraguay in South America.

Though it is not finished yet, the Three Gorges (or Sandapong) Dam on the Yangtze River in China will take over as the largest upon its completion, which is slated for 2009.
 
What are the main reasons of building collapse?
There are several reasons for building collapse. Passage of time is the main reason. Also, weak foundations, natural calamities like earthquakes, hurricanes, etc., are the major reasons for building collapse. Bombing and destruction is also another major reason.

State the applications of modulus of elasticity.
Modulus of elasticity is related to the flexibility of the material. The value of modulus of elasticity is pretty important in case of deflection of different materials used in building construction.

How are the freeway bridges built?
The traffic that is likely to go over the bridge at a time is estimated and the cement, rocked with rebar stanchions is placed over the freeway to build a bridge. Off-ramp from freeway to the bridge and on-ramp from the bridge to the freeway are constructed. Cement slabs are used to build a platform.

What is the basic difference in absorption, adsorption, and sorption?
Absorption refers to the phenomenon where an atom, molecule or ions enter any bulk phase like gas, solid or liquid. Absorption refers to the phenomenon where energy of photon is transferred to other entity.
Adsorption is similar to absorption. It refers to the surface rather than a volume. Adsorption takes place when the gas or liquid solute accumulates on the surface of solid. A substance diffuses in liquid or solid to form a solution.

Difference between routine maintenance and major maintenance for school facilities:
Routine maintenance is handling the minor repairs of the school campus. Major maintenance can be total reconstruction or renovation of the school.

What is soil analysis?
Soil analysis is the testing of soil to determine the nutritional and elemental composition of soil. It is generally tested for knowing the contents of nitrogen, potassium and phosphorous.

State the building codes.
These codes are the set of specifications to ensure the safety associated with any building construction. These codes are associated with the height, spacing, and installation of the building. These codes play an important role in vacating the building in case of any emergency situations.
From these interview questions, you will get an idea of the questions interviewer can ask you in the civil engineering position interview. Refer to some more sample questions here and revise all the answers carefully.

What are the steps involved in the concreting process, explain?

The major steps involved in the process of concreting are as follows:
1. Batching
2. Mixing
3. Transporting and placing of concrete
4. Compacting.

> Batching: The process of measurement of the different materials for the making of concrete is known as batching. batching is usually done in two ways: volume batching and weight batching. In case of volume batching the measurement is done in the form of volume whereas in the case of weight batching it is done by the weight.
> Mixing: In order to create good concrete the mixing of the materials should be first done in dry condition and after it wet condition. The two general methods of mixing are: hand mixing and machine mixing.
> Transportation and placing of concrete: Once the concrete mixture is created it must be transported to its final location. The concrete is placed on form works and should always be dropped on its final location as closely as possible.
> Compaction of concrete: When concrete is placed it can have air bubbles entrapped in it which can lead to the reduction of the strength by 30%. In order to reduce the air bubbles the process of compaction is performed. Compaction is generally performed in two ways: by hand or by the use of vibrators.

Describe briefly the various methods of concrete curing.

Curing is the process of maintaining the moisture and temperature conditions for freshly deployed concrete. This is done for small duration of time to allow the hardening of concrete. The methods that are involved in saving the shrinkage of the concrete includes:
(a) Spraying of water: on walls, and columns can be cured by sprinkling water.
(b) Wet covering of surface: can be cured by using the surface with wet gunny bags or straw
(c) Ponding: the horizontal surfaces including the slab and floors can be cured by stagnating the water.
(d) Steam curing: of pre-fabricated concrete units steam can be cured by passing it over the units that are under closed chambers. It allows faster curing process and results in faster recovery.
(e) Application of curing compounds: compounds having calcium chloride can be applied on curing surface. This keeps the surface wet for a very long time.

What do you understand by “preset” during the installation process of bridge bearings?

During the installation of bridge bearings the size of the upper plates is reduced to save the material costs. This process is known as preset. Generally the upper bearing plate comprises of the following components:
> Length of bearing
> 2 x irreversible movement.
> 2 x reversible movement.
The bearing initially is placed right in the middle point of the upper bearing plate. No directional effects of irreversible movement is considered. But since the irreversible movement usually takes place in one direction only the displaced direction is placed away from the midpoint. In such cases the length of the upper plate is equal to the length of the length of the bearing + irreversible movement + 2 x reversible movement.

Why are steel plates inserted inside bearings in elastomeric bearings?

In order to make a elastomeric bearing act/ function as a soft spring it should be made to allow it to bulge laterally and also the stiffness compression can be increased by simply increasing the limiting amount of the lateral bulging. In many cases in order to increase the compression stiffness of the bearing the usage of metal plates is made. Once steel plates are included in the bearings the freedom of the bulge is restricted dramatically, also the deflection of the bearing is reduced as compared to a bearing without the presence of steel plates. The tensile stresses of the bearings are induced into the steel plates. But the presence of the metal plates does not affect the shear stiffness of the bearings.

What reinforcements are used in the process of prestressing?

The major types of reinforcements used in prestressing are:
> Spalling Reinforcement: The spalling stresses leads to stress behind the loaded area of the anchor blocks. This results in the breaking off of the surface concrete. The most likely causes of such types of stresses are Poisson`s effects strain interoperability or by the stress trajectory shapes.
> Equilibrium reinforcements: This type of reinforcements are required where several anchorages exist where the prestressing loads are applied in a sequential manner.
> Bursting Reinforcements: These kinds of stresses occur in cases where the stress trajectories are concave towards the line of action of load. In order to reduce such stresses reinforcements in the form of bursting is required.

6. In the design of bridge arguments what considerations should be made to select the orientation of the wing walls?

Some of the most common arrangements of wing walls in cases of bridge arguments are as follows:
> Wing walls parallel to abutments: This method is considered to take least amount of time to build and is simple as well. But on the downside this method is not the most economical. The advantage of this type of design being that they cause the least amount of disturbance to the slope embankment.
> Wing walls at an angle to abutments: This design method is considered to be the most economical in terms of material cost.
> Wing walls perpendicular to abutments: The characteristic of this design is it provides an alignment continuous with the bridge decks lending a support to the parapets.

7. In case if concrete box girder bridges how is the number of cells determined?

When the depth of a box girder bridge exceed 1/6th or 1/5th of the bridge width then the design recommended is that of a single cell box girder bridge. But in case the depth of the bridge is lower than 1/6th of the bridge width then a twin-cell or in some cases multiple cell is the preferred choice. One should also note that even in the cases of wider bridges where there depths are comparatively low the number of cells should be minimized. This is so as there is noticeably not much improvement in the transverse load distribution when the number of cells of the box girder is higher than three or more.

8. Under what circumstances should pot bearings be used instead of elastomeric bearings?

Pot bearings are preferred over elastomeric bearings in situations where there are chances of high vertical loads in combinations of very large angle of rotations. Elastomeric bearings always require a large bearing surface so that a compression is maintained between the contact surfaces in between the piers and the bearings. This is not possible to maintained in high load and rotation environment. Also the usage of elastomeric bearings leads to the uneven distribution of stress on the piers. This results in some highly induced stresses to be targeted at the piers henceforth damaging them. Due to the above reasons pot bearings are preferred over elastomeric bearings in such cases.

9. Why should pumping be not used in case of concreting works?

During the pumping operation the pump exerted pressure must overcome any friction between the pumping pipes and the concrete, also the weight of the concrete and the pressure head when the concrete is placed above the pumps. Since only water is pump able, all the pressure generated is by the water that is present in the concrete. The major problem due to pumping are segregation effects and bleeding. In order to rectify and reduce these effects, generally the proportion of the cement is increased in order to increase the cohesion , which leads to the reduction of segregation and bleeding. Also if a proper selection of the aggregate grading can vastly improve the concrete pump ability.
 


10. Why should curing not be done by ponding and polythene sheets?

The primary purpose of curing is to reduce the heat loss of concrete that is freshly placed to the atmosphere and in order to reduce the temperature gradient across the cross-section of the concrete. Ponding is not preferred for curing as this method of thermal curing is greatly affected by cold winds. In addition to that in ponding large amounts of water is used and has to be disposed off from the construction sites. Polythene sheets are used on the basis that it creates an airtight environment around the concrete surface henceforth reducing the chances of evaporation over fresh concrete surfaces. But the usage of polythene can be a drawback as it can be easily blown away by winds and also the water lost by self-desiccation cannot be replenished.

--------------------------------------------------------------------------------------------------------

Top Most Importants interview qus of SOIL Mechanism For Civil Engg....

Soil Mechanics Interview Questions & Answers

 Soil Mechanics Interview Questions & Answers


Are you a graduate in civil engineering? Are you a person with a passion of construction and research then log on to www.wisdomjobs.com. Soil Mechanics is about the various properties of the soil to be used for various engineering construction works. They transfer their whole load to the soil to construct the foundation to retain these structures. It is an area in civil engineering that tackles the characteristics of soil, such as strength, composition, moisture and adaptability. It helps in resolving geological problems. It is concerned with the application of principles of hydraulics, mechanics and chemistry to engineering problems related to soils. So play a vital role in construction field as soil engineer, as an research associate or as geotechnical engineer or environmental engineer by looking into Soil Mechanics job interview question and answers given and grab a bright future.








Introduction XML in AJAX.....




Introducing XML in AJAX

Anyone who has carried out any HTML markup will already be somewhat familiar with the nature of XML code. XML (eXtensible Markup Language) has many similarities in markup style to HTML.
However, hereas HTML is intended to determine how web pages are displayed, XML has a rather more wide-ranging use. XML documents can be used in all manner of data storage and data exchange applications ranging from document storage and retrieval to roles traditionally fulfilled by database programs.

Why Do I Need To Know This?
One of the many uses of XML is for the transfer of structured information between applications. In Ajax you can use XML to return information from the server to your Ajax application, where it may be parsed and used.

What Is (and Isn’t) Covered in This Topic
In common with the other lessons in this section of the book, we do not attempt to offer a complete and thorough treatise on XML. Rather, this lesson covers the basics of the language and its application, concentrate ng mainly on those aspects relevant to your work with Ajax.



Top Most Imp's Interview Qus;s about AJAX..!!!

AJAX Interview Questions & Answers
AJAX Interview Questions & Answers

Question 1. What Is Ajax?
Answer :

AJAX (Asynchronous JavaScript and XML) is a newly coined term for two powerful browser features that have been around for years, but were overlooked by many web developers until recently when applications such as Gmail, Google Suggest, and Google Maps hit the streets.

Ajax isn’t a technology. It’s really several technologies, each flourishing in its own right, coming together in powerful new ways. Ajax incorporates:
* standards-based presentation using XHTML and CSS;
* dynamic display and interaction using the Document Object Model;
* data interchange and manipulation using XML and XSLT;
* Asynchronous data retrieval using XMLHttpRequest;
* JavaScript binding everything together.

Question 2. Who Is Using Ajax?
Answer :
Google is making a huge investment in developing the Ajax approach. All of the major products Google has introduced over the last year like Orkut, Gmail, the latest beta version of Google Groups, Google Suggest, and Google Maps are Ajax applications. (For more on the technical nuts and bolts of these Ajax implementations, check out these excellent analyses of Gmail, Google Suggest, and Google Maps.) Others are following suit: many of the features that people love in Flickr depend on Ajax, and Amazon’s A9.com search engine applies similar techniques.
These projects demonstrate that Ajax is not only technically sound, but also practical for real-world applications. This isn’t another technology that only works in a laboratory. Ajax applications can be any size, from the very simple, single-function Google Suggest to the very complex and sophisticated Google Maps.
At Adaptive Path, we’ve been doing our own work with Ajax over the last several months, and we’re realizing we’ve only scratched the surface of the rich interaction and responsiveness that Ajax applications can provide. Ajax is an important development for Web applications, and its importance is growing. The biggest challenges in creating Ajax applications are not technical. The core Ajax technologies are mature, stable, and well understood. As there are so many developers out there who already know how to use these technologies, we expect to see many more organizations following Google’s lead in reaping the competitive advantage Ajax provides.
The challenges are for the designers of these applications to forget what we think we know about the limitations of the Web, and begin to imagine a wider, richer range of possibilities

Question 3. How Ajax Is Different?
Answer :
An Ajax application eliminates the start-stop-start-stop nature of interaction on the Web by introducing an intermediary — an Ajax engine — between the user and the server. It seems like adding a layer to the application would make it less responsive, but the opposite is true.
Instead of loading a webpage, at the start of the session, the browser loads an Ajax engine — written in JavaScript and usually tucked away in a hidden frame. This engine is responsible for both rendering the interface the user sees and communicating with the server on the user’s behalf. The Ajax engine allows the user’s interaction with the application to happen asynchronously — independent of communication with the server. So the user is never staring at a blank browser window and an hourglass icon, waiting around for the server to do something.


The synchronous interaction pattern of a traditional web application (top) compared with the asynchronous pattern of an Ajax application (bottom).
Every user action that normally would generate an HTTP request takes the form of a JavaScript call to the Ajax engine instead. Any response to a user action that doesn’t require a trip back to the server  such as simple data validation, editing data in memory, and even some navigation the engine handles on its own. If the engine needs something from the server in order to respond if it’s submitting data for processing, loading additional interface code, or retrieving new data the engine makes those requests asynchronously, usually using XML, without stalling a user’s interaction with the application.
Question 4. Where Should I Start?
Answer :
Assuming the framework you are using does not suffice your use cases and you would like to develop your own AJAX components or functionality I suggest you start with the article Asynchronous JavaScript Technology and XML (AJAX) With Java 2 Platform, Enterprise Edition. If you would like to see a very basic example that includes source code you can check out the tech tip Using AJAX with Java Technology. For a more complete list of AJAX resources the Blueprints AJAX Home page.Next, I would recommend spending some time investigating AJAX libraries and frameworks. If you choose to write your own AJAX clients-side script you are much better off not re-inventing the wheel.
AJAX in Action by Dave Crane and Eric Pascarello with Darren James is good resource. This book is helpful for the Java developer in that in contains an appendix for learning JavaScript for the Java developer.
Question 5. Do Ajax Applications Always Deliver A Better Experience Than Traditional Web Applications?
Answer :
Not necessarily. Ajax gives interaction designers more flexibility. However, the more power we have, the more caution we must use in exercising it. We must be careful to use Ajax to enhance the user experience of our applications, not degrade it.

Question 6. Are Ajax Applications Easier To Develop Than Traditional Web Applications?
Answer :
Not necessarily. Ajax applications inevitably involve running complex JavaScript code on the client. Making that complex code efficient and bug-free is not a task to be taken lightly, and better development tools and frameworks will be needed to help us meet that challenge.

Question 7. Does Ajax Work With Java?
Answer :
Absolutely. Java is a great fit for AJAX! You can use Java Enterprise Edition servers to generate AJAX client pages and to serve incoming AJAX requests, manage server side state for AJAX clients, and connect AJAX clients to your enterprise resources. The JavaServer Faces component model is a great fit for defining and using AJAX components.

Question 8. Do I Really Need To Learn Javascript?

Answer :
Basically yes if you plan to develop new AJAX functionality for your web application. On the other hand, JSF components and component libraries can abstract the details of JavaScript, DOM and CSS. These components can generate the necessary artifacts to make AJAX interactions possible. Visual tools such as Java Studio Creator may also use AJAX enabled JSF components to create applications, shielding the tool developer from many of the details of AJAX. If you plan to develop your own JSF components or wire the events of components together in a tool it is important that you have a basic understanding of JavaScript. There are client-side JavaScript libraries (discussed below) that you can call from your in page JavaScript that abstract browser differences. Object Hierarchy and Inheritance in JavaScript is a great resource for a Java developer to learn about JavaScript objects.

Question 9. Won't My Server-side Framework Provide Me With Ajax?
Answer :
You may be benefiting from AJAX already. Many existing Java based frameworks already have some level of AJAX interactions and new frameworks and component libraries are being developed to provide better AJAX support. I won't list all the Java frameworks that use AJAX here, out of fear of missing someone, but you can find a good list at www.ajaxpatterns.org/Java_Ajax_Frameworks.
If you have not chosen a framework yet it is recommended you consider using JavaServer Faces or a JavaServer Faces based framework. JavaServer Faces components can be created and used to abstract many of the details of generating JavaScript, AJAX interactions, and DHTML processing and thus enable simple AJAX used by JSF application developer and as plug-ins in JSF compatible IDE's, such as Sun Java Studio Creator.

Question 10. Did Adaptive Path Invent Ajax? Did Google? Did Adaptive Path Help Build Google's Ajax Applications?
Answer :
Neither Adaptive Path nor Google invented Ajax. Google’s recent products are simply the highest-profile examples of Ajax applications. Adaptive Path was not involved in the development of Google’s Ajax applications, but we have been doing Ajax work for some of our other clients.

Question 11. Is It Possible To Set Session Variables From Javascript?
Answer :
It's not possible to set any session variables directly from javascript as it is purely a client side technology. You can use AJAX though to asynchronously...
Question 12. Cannot Parse Xml Generated By Jsp I Am Generating An Xml Using Jsp, When I Run The Jsp In Ie It Shows The Xml As Per Dom, But When I Try To Parse It Using Javascript , The Command Xmldoc.documentelement ?
Answer :
This is working code, it might help you.
if (!isIE)
xmldoc = req.responseXML;
else
{
//IE does not take the responseXML as.

Question 13. What Do I Need To Know To Create My Own Ajax Functionality?
Answer :
If you plan not to reuse and existing AJAX component, here are some of the things you will need to know.
Plan to learn Dynamic HTML (DHTML), the technology that is the foundation for AJAX. DHTML enables browser-base real time interaction between a user and a web page. DHTML is the combination of JavaScript, the Document Object Model (DOM) and Cascading Style Sheets (CSS).
JavaScript - JavaScript is a loosely typed object based scripting language supported by all major browsers and essential for AJAX interactions. JavaScript in a page is called when an event in a page occurs such as a page load, a mouse click, or a key press in a form element.
DOM - An API for accessing and manipulating structured documents. In most cases DOM represent the structure of XML and HTML documents.
CSS - Allows you to define the presentation of a page such as fonts, colors, sizes, and positioning. CSS allow for a clear separation of the presentation from the content and may be changed programmatically by JavaScript.
Understanding the basic request/response nature of HTTP is also important. Many subtle bugs can result if you ignore the differences between the GET and OIst methods when configuring an XMLHttpRequest and HTTP response codes when processing callbacks.
JavaScript is the client-side glue, in a sense. JavaScript is used to create the XMLHttpRequest Object and trigger the asynchronous call. JavaScript is used to parse the returned content. JavaScript is used to analyze the returned data and process returned messages. JavaScript is used to inject the new content into the HTML using the DOM API and to modify the CSS.

Question 14. What Javascript Libraries And Frameworks Are Available?
Answer :
There are many libraries/frameworks out there (and many more emerging) that will help abstract such things as all the nasty browser differences. Three good libraries are The Dojo Toolkit, Prototype, and DWR.
The Dojo Toolkit contains APIs and widgets to support the development of rich web applications. Dojo contains an intelligent packaging system, UI effects, drag and drop APIs, widget APIs, event abstraction, client storage APIs, and AJAX interaction APIs. Dojo solves common usability issues such as support for dealing with the navigation such as the ability to detect the browser back button, the ability to support changes to the URL in the URL bar for bookmarking, and the ability to gracefully degrade when AJAX/JavaScript is not fully support on the client. Dojo is the Swiss Army Knife of JavaScript libraries. It provides the widest range of options in a single library and it does a very good job supporting new and older browsers.
Prototype focuses on AJAX interactions including a JavaScript AJAX object that contains a few objects to do basic tasks such as make a request, update a portion of a document, insert content into a document, and update a portion of a document periodically. Prototype JavaScript library contains a set of JavaScript objects for representing AJAX requests and contains utility functions for accessing in page components and DOM manipulations. Script.aculo.us and Rico are built on top of Prototype and provide UI effects, support for drag and drop, and include common JavaScript centric widgets. If you are just looking to support AJAX interactions and a few basic tasks Prototype is great. If you are looking for UI effects Rico and Script.aculo.us are good options.
DWR (Dynamic Web Remoting) is a client-side and server-side framework that focuses on allowing a developer to do RPC calls from client-side JavaScript to plain old Java objects in a Java Enterprise Edition web container. On the server side DWR uses a Servlet to interact with the Java objects and returns object representations of the Java objects or XML documents. DWR will be easy to get up and running and plays well with other Java technologies. If you are looking for a client-side and server-side framework that integrates well use DWR.
There are many new and emerging libraries for JavaScript and this list only reviews some of the more common libraries. When making a choice choose the library which suites your needs the best. While it might be better to choose one, there is nothing stopping you from using more than one framework. For a more extensive list of client-side frameworks see: Survey of AJAX/JavaScript Libraries.

Question 15. What Is The Difference Between Proxied And Proxyless Calls?
Answer :
Proxied calls are made through stub objects that mimic your PHP classes on the JavaScript side. E.g., the helloworld class from the Hello World example.
Proxyless calls are made using utility javascript functions like HTML_AJAX.replace() and HTML_AJAX.append().

Question 16. Should I Use Xml Or Text, Javascript, Or Html As A Return Type?
Answer :
It depends. Clearly the 'X' in AJAX stands for XML, but several AJAX proponents are quick to point out that nothing in AJAX, per se, precludes using other types of payload, such as, JavaScript, HTML, or plain text.
XML - Web Services and AJAX seem made for one another. You can use client-side API's for downloading and parsing the XML content from RESTful Web Services. (However be mindful with some SOAP based Web Services architectures he payloads can get quite large and complex, and therefore may be inappropriate with AJAX techniqes.)
Plain Text - In this case server-generated text may be injected into a document or evaluated by client-side logic.
JavaScript - This is an extension to the plain text case with the exception that a server-side component passes a fragment of JavaScript including JavaScript object declarations. Using the JavaScript eval() function you can then create the objects on the client. JavaScript Object Notation (JSON), which is a JavaScript object based data exchange specification, relies on this technique.
HTML - Injecting server-generated HTML fragments directly into a document is generally a very effective AJAX technique. However, it can be complicated keeping the server-side component in sync with what is displayed on the client.
Mashup is a popular term for creating a completely new web application by combining the content from disparate Web Services and other online API's. A good example of a mashup is housingmaps.com which graphically combines housing want-ads from craiglist.org and maps from maps.google.com.
Question 17. Are There Usability Issues With Ajax?
Answer :
The nature of updating a page dynamically using data retrieved via AJAX interactions and DHTML may result in drastically changing the appearance and state of a page. A user might choose to use the browser's back or forward buttons, bookmark a page, copy the URL from the URL bar and share it with a friend via an email or chat client, or print a page at any given time. When designing an AJAX based application you need to consider what the expected behavior would be in the case of navigation, bookmarking, printing, and browser support as described below.
Navigation - What would be the expected behavior of the back, forward, refresh, and bookmark browser buttons in your application design. While you could implement history manipulation manually it may be easer to use a JavaScript frameworks such as Dojo that provides API's history manipulation and navigation control.
Bookmarking and URL sharing - Many users want to bookmark or cut and paste the URL from the browser bar. Dojo provides client-side for bookmarking and URL manipulation.
Printing - In some cases printing dynamically rendered pages can be problematic.
Other considerations as a developer when using AJAX are:
Browser Support - Not all AJAX/DHTML features are supported on all browsers or all versions of a browser. See quirksmode.org for a list of browser support and possible workarounds.
JavaScript disabled - You should also consider what happens if the user disables JavaScript. Additionally, there are several legitimate reasons why JavaScript and CSS support may be unavailable on a user's web browser.
Latency - Keep in mind latency in your design. A running application will be much more responsive than when it is deployed.
Latency problems: myth or reality?
Accessibility - Guaranteeing your site is accessible to people with disabilities is not only a noble goal, it is also requited by law in many markets. Some marvelous enabling technology is available to help people use the Web in spite of disabilities including visual, auditory, physical, speech, cognitive, and neurological disabilities. With a little forethought, and comprehension of some well documented best practices, you can assure that your application is compatible with that enabling technology.
Degradability is the term used to describe techniques used by web applications to adapt to the wide range of web browser capabilities. Many AJAX libraries have automatic degradability built in. But if you are coding your own custom AJAX functionality, simply taking some care to follow the best practices promoted by standards bodies like the World Wide Web Consortium (W3C), and grass root movements like the Web Standards community and many others, your application can run usefully on browsers that are incapable of AJAX behaviors. Granted, your application may loose some of the "wow factor" on these less capable browsers, but your application will still be usable.
Remember to not design with AJAX just for the sake of coolness. The reason you built your application is so people will use it. And people will not use your application if your application is not compatible with their web browser.

Question 18. Are There Any Frameworks Available To Help Speedup Development With Ajax?
Answer :
There are several browser-side frameworks available, each with their own uniqueness...

Question 19. Is Adaptive Path Selling Ajax Components Or Trademarking The Name? Where Can I Download It?
Answer :
Ajax isn’t something you can download. It’s an approach — a way of thinking about the architecture of web applications using certain technologies. Neither the Ajax name nor the approach is proprietary to Adaptive Path.

Question 20. Should I Use An Http Get Or Post For My Ajax Calls?
Answer :
AJAX requests should use an HTTP GET request when retrieving data where the data will not change for a given request URL. An HTTP POST should be used when state is updated on the server. This is in line with HTTP idempotency recommendations and is highly recommended for consistent web application architecture.

Question 21. How Do We Debug Javascript?
Answer :
There are not that many tools out there that will support both client-side and server-side debugging. I am certain this will change as AJAX applications proliferate. I currently do my client-side and server-side debugging separately. Below is some information on the client-side debuggers on some of the commonly used browsers.
Firefox/Mozilla/Netscape - Have a built in debugger Venkman which can be helpful but there is a Firefox add on known as FireBug which provides all the information and AJAX developer would ever need including the ability to inspect the browser DOM, console access to the JavaScript runtime in the browser, and the ability to see the HTTP requests and responses (including those made by an XMLHttpRequest). I tend to develop my applications initially on Firefox using Firebug then venture out to the other browsers.
Safari - Has a debugger which needs to be enabled. See the Safari FAQ for details.
Internet Explorer - There is MSDN Documentation on debugging JavaScript. A developer toolbar for Internet Explorer may also be helpful.
While debuggers help a common technique knowing as "Alert Debugging" may be used. In this case you place "alert()" function calls inline much like you would a System.out.println. While a little primitive it works for most basic cases. Some frameworks such as Dojo provide APIs for tracking debug statements.
Question 22. How Do I Provide Internationalized Ajax Interactions?
Answer :
Just because you are using XML does not mean you can properly send and receive localized content using AJAX requests. To provide internationalized AJAX components you need to do the following:
Step 1. Set the charset of the page to an encoding that is supported by your target languages. I tend to use UTF-8 because it covers the most languages. The following meta declaration in a HTML/JSP page will set the content type:
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
Step 2.In the page JavaScript make sure to encode any parameters sent to the server. JavaScript provides the escape() function which returns Unicode escape strings in which localized text will appear in hexadecimal format. For more details on JavaScript encoding seeComparing escape(), encodeURI(), and encode URI Component().
Step 3. On the server-side component set the character encoding using the HttpServletRequest.setCharacterEncoding() method. Before you access the localized parameter using the HttpServletRequest.getParameter() call. In the case of UTF this would be request .set Characther Encoding ("UTF-8");.
A server-side component returning AJAX responses needs to set the encoding of the response to the same encoding used in the page.
response.setContentType("text/xml;charset=;UTF-8");
response.getWriter().write(" <response>invalid </response>");
For more information on using AJAX with Java Enterprise Edition technologies see AJAX and Internationalization and for developing multi-lingual applications see Developing Multilingual Web Applications Using JavaServer Pages Technology.
Question 23. Some Of The Google Examples You Cite Don't Use Xml At All. Do I Have To Use Xml And/or Xslt In An Ajax Application?
Answer :
No. XML is the most fully-developed means of getting data in and out of an Ajax client, but there’s no reason you couldn’t accomplish the same effects using a technology like JavaScript Object Notation or any similar means of structuring data for interchange.
Question 24. When Do I Use A Synchronous Versus Asynchronous Request?
Answer :
 They don't call it AJAX for nothing! A synchronous request would block in page event processing and I don't see many use cases where a synchronous request is preferable.
Question 25. How Do I Handle Concurrent Ajax Requests?
Answer :
With JavaScript you can have more than one AJAX request processing at a single time. In order to insure the proper post processing of code it is recommended that you use JavaScript Closures. The example below shows an XMLHttpRequest object abstracted by a JavaScript object called AJAXInteraction. As arguments you pass in the URL to call and the function to call when the processing is done.
function AJAXInteraction(url, callback) {
var req = init();
req.onreadystatechange = processRequest;

unction init() {
if (window.XMLHttpRequest) {
return new XMLHttpRequest();
} else if (window.ActiveXObject) {
return new ActiveXObject("Microsoft.XMLHTTP");
}
}

function processRequest () {
if (req.readyState == 4) {
if (req.status == 200) {
if (callback) callback(req.responseXML);
}
}
}

this.doGet = function() {
req.open("GET", url, true);
req.send(null);
}

this.doPost = function(body) {
req.open("POST", url, true);
req.setRequestHeader("Content-Type", "
application/x-www-form-urlencoded");
req.send(body);
}
}

function makeRequest() {
var ai = new AJAXInteraction("processme",
function() { alert("Doing Post Process");});
ai.doGet();
}
The function makeRequest() in the example above creates an AJAXInteraction with a URL to of "processme" and an inline function that will show an alert dialog with the message "Doing Post Process". When ai.doGet() is called the AJAX interaction is initiated and when server-side component mapped to the URL "processme" returns a document which is passed to the callback function that was specified when the AJAXInteraction was created.
Using this closures insures that the proper callback function associated with a specific AJAX interaction is called. Caution should still be taken when creating multiple closure objects in that make  XmlHttpRequests as to there is a limited number of sockets that are used to make requests at any given time. Because there are limited number of requests that can be made concurrently. Internet Explorer for example only allows for two concurrent AJAX requests at any given time. Other browsers may allow more but it is generally between three and five requests. You may choose to use pool of AJAXInteraction objects.
One thing to note when making multiple AJAX calls from the client is that the calls are not guaranteed to return in any given order. Having closures within the callback of a closure object can be used to ensure dependencies are processed correctly. There is a discussion titled Ajaxian Fire and Forget Pattern that is helpful.

Question 26. What Do I Do On The Server To Interact With An Ajax Client?
Answer :
The "Content-Type" header needs to be set to"text/xml". In servlets this may be done using the HttpServletResponse.setContentType()should be set to "text/xml" when the return type is XML. Many XMLHttpRequest implementations will result in an error if the "Content-Type" header is set The code below shows how to set the "Content-Type".
response.setContentType("text/xml");
response.getWriter().write("<response>invalid</response>");
You may also want to set whether or not to set the caches header for cases such as autocomplete where you may want to notify proxy servers/and browsers not to cache the results.
response.setContentType("text/xml");
response.setHeader("Cache-Control", "no-cache");
response.getWriter().write("<response>invalid</response>");
Note to the developer: Internet Explorer will automatically use a cached result of any AJAX response from a HTTP GET if this header is not set which can make things difficult for a developer. During development mode you may want set this header. Where do I store state with an AJAX client

As with other browser based web applications you have a few options which include:
On the client in cookies - The size is limited (generally around 4KB X 20 cookies per domain so a total of 80KB) and the content may not be secure unless encrypted which is difficult but not impossible using JavaScript.
On the client in the page - This can be done securely but can be problematic and difficult to work with. See my blog entry on Storing State on the Client for more details on this topic.
On the client file system - This can be done if the client grants access to the browser to write to the local file system. Depending on your uses cases this may be necessary but caution is advised.
On the Server - This is closer to the traditional model where the client view is of the state on the server. Keeping the data in sync can be a bit problematic and thus we have a solution Refreshing Data on this. As more information processing and control moves to the client where state is stored will need to be re-evaluated.

Question 27. Whats With The -alpha In The Install Instructions?
Answer :
HTML_AJAX hasn't had a stable release yet and the pear installer doesn't install non stable packages by default unless you specify a version.

Question 28. How Do I Submit A Form Or A Part Of A Form Without A Page Refresh?
Answer :
When creating a form make sure that the "form" element "onSubmit" attribute is set to a JavaScript function that returns false.
<form onSubmit="doAJAXSubmit();return false;" >
<input type="text" id="tf1" />
<input type="submit" id="submit1" value="Update"/>
</>
You can also submit data by associating a function with a form button in a similar way.
<form onSubmit="doAJAXSubmit();return false;" >
<input type="text" id="tf1" />
<input type="button" id="button1" onClick="doAJAXSubmit()" value="Update"/>
</>
Note that the form "onSubmit" attribute is still set. If the user hits the enter key in the text field the form will be submitted so you still need to handle that case.
When updating the page it is recommend you wait to make sure that the AJAX update of the form data was successful before updating the data in the page. Otherwise, the data may not properly update and the user may not know. I like to provide an informative message when doing a partial update and upon a successful AJAX interaction I will then update the page.

Question 29. How Do I Test My Ajax Code?
Answer :
There is a port of JUnit for client-side JavaScript called JsUnit.

Question 30. What Exactly Is The W3c Dom?
Answer :
The W3C Document Object Model (DOM) is defined by the W3C as the following: The Document Object Model is a platform- and language-neutral interface.

Question 31. When Will Html_ajax Have A Stable Release?
Answer :
Once all the major features are complete and the API has been tested, the roadmap gives an idea of what is left to be done.

Question 32. What Parts Of The Html_ajax Api Are Stable?
Answer :
We don't have a list right now, but most of the API is stable as of 0.3.0. There should be no major changes at this point, though there will be lots of new additions.

Question 33. What Browsers Does Html_ajax Work With?
Answer :
We don't have a list right now, but most of the API is stable asAs of 0.3.0, all the examples that ship with HTML_AJAX have been verified to work with
Firefox 1.0+
Internet Explorer 5.5+ (5.0 should work but it hasn't been tested)
Most things work with
Safari 2+
Opera 8.5+ of 0.3.0. There should be no major changes at this point, though there will be lots of new additions.
Question 34. Is The Server Or The Client In Control?
Answer :
It depends. With AJAX the answer is more in between. Control can be more centralized in a server-side component or as a mix of client-side and server-side controllers.
Centralized server-side controller - When having a more centralized controller the key is to make sure the data in client-side page is in sync with that of the server. Some applications may keep all the state on the server and push all updates to client DOM via a simple JavaScript controller.
Client and server-side controllers - This architecture would use JavaScript to do all presentation related control, event processing, page manipulation, and rendering of model data on the client. The server-side would be responsible for things such as business logic and pushing updated model data to the client. In this case the server would not have intimate knowledge of the presentation short of the initial page that would be sent to the client page request.
There are some use cases where an entire AJAX application can be written in a single page. Keep in mind if you choose this type of architecture that navigation and bookmarking should be considered.
Both methods are viable depending on what you are trying to accomplish. I tend to prefer spreading the control across the client and server.
Question 35. Is Ajax Just Another Name For Xmlhttprequest?
Answer :
No. XMLHttpRequest is only part of the Ajax equation. XMLHttpRequest is the technical component that makes the asynchronous server communication possible; Ajax is our name for the overall approach described in the article, which relies not only on XMLHttpRequest, but on CSS, DOM, and other technologies.
Question 36. How Do I Abort The Current Xmlhttprequest?
Answer :
Just call the abort() method on the request.
Question 37. What Is The Minimum Version Of Php That Needs To Be Running In Order To Use Html_ajax?
Answer :
The oldest PHP version i've fully tested HTML_AJAX is 4.3.11, but it should run on 4.2.0 without any problems. (Testing reports from PHP versions older then 4.3.11 would be appreciated.)
Question 38. Why Does Html_ajax Hang On Some Server Installs?
Answer :
If you run into an HTML_AJAX problem only on some servers, chances are your running into a problem with output compression. If the output compression is handled in the PHP config we detect that and do the right thing, but if its done from an apache extension we have no way of knowing its going to compress the body. Some times setting HTML_AJAX::sendContentLength to false fixes the problem, but in other cases you'll need to disabled the extension for the AJAX pages.
I've also seen problems caused by debugging extensions like XDebug, disabling the extension on the server page usually fixes that. Questions dealing with Using HTML_AJAX, and general JavaScript development
Question 39. How Do We Get The Xmlhttprequest Object?
Answer :
Depending upon the browser...
if (window.ActiveXObject)
{
// Internet Explorer http_request = new ActiveXObject("Microsoft.XMLHTTP");
}
else if.
Question 40. Are There Any Security Issues With Ajax?
Answer :
JavaScript is in plain view to the user with by selecting view source of the page. JavaScript can not access the local file system without the user's permission. An AJAX interaction can only be made with the servers-side component from which the page was loaded. A proxy pattern could be used for AJAX interactions with external services.
You need to be careful not to expose your application model in such as way that your server-side components are at risk if a nefarious user to reverse engineer your application. As with any other web application, consider using HTTPS to secure the connection when confidential information is being exchanged.
Question 41. What About Applets And Plugins?
Answer :
Don't be too quick to dump your plugin or applet based portions of your application. While AJAX and DHTML can do drag and drop and other advanced user interfaces there still limitations especially when it comes to browser support. Plugins and applets have been around for a while and have been able to make AJAX like requests for years. Applets provide a great set of UI components and APIs that provide developers literally anything.
Many people disregard applets or plugins because there is a startup time to initialize the plugin and there is no guarantee that the needed version of a plugin of JVM is installed. Plugins and applets may not be as capable of manipulating the page DOM. If you are in a uniform environment or can depend on a specific JVM or plugin version being available (such as in a corporate environment) a plugin or applet solution is great.
One thing to consider is a mix of AJAX and applets or plugins. Flickr uses a ombination of AJAX interactions/DHTML for labeling pictures and user interaction and a plugin for manipulating photos and photo sets to provide a great user experience. If you design your server-side components well they can talk to both types of clients.

Question 42. Is Ajax Code Cross Browser Compatible?
Answer :
Not totally. Most browsers offer a native XMLHttpRequest JavaScript object, while another one (Internet Explorer) require you to get it as an ActiveX object....

Question 43. Techniques For Asynchronous Server Communication Have Been Around For Years. What Makes Ajax A "new" Approach?
Answer :
What’s new is the prominent use of these techniques in real-world applications to change the fundamental interaction model of the Web. Ajax is taking hold now because these technologies and the industry’s understanding of how to deploy them most effectively have taken time to develop.

Question 44. Is Ajax A Technology Platform Or Is It An Architectural Style?
Answer :
It’s both. Ajax is a set of technologies being used together in a particular way.

Question 45. How Do I Handle The Back And Forward Buttons?
Answer :
While you could go out and create a custom solution that tracks the current state on your application I recommend you leave this to the experts. Dojo addresses the navigation in a browser neutral way as can be seen in the JavaScript example below.
function updateOnServer(oldId, oldValue,
itemId, itemValue) {
var bindArgs = {
url:  "faces/ajax-dlabel-update",
method: "post",
content: {"component-id": itemId, "component-value":
itemValue},
mimetype: "text/xml",
load: function(type, data) {
processUpdateResponse(data);
},
backButton: function() {
alert("old itemid was " + oldId);
},
forwardButton: function(){
alert("forward we must go!");
}
};
dojo.io.bind(bindArgs);
}
The example above will update a value on the server using dojo.io.bind() with a function as a property that is responsible for dealing with the browser back button event. As a developer you are capable of restoring the value to the oldValue or taking any other action that you see fit. The underlying details of how the how the browser button event are detected are hidden from the developer by Dojo.
AJAX: How to Handle Bookmarks and Back Buttons details this problem and provides a JavaScript library Really Simple History framework (RSH) that focuses just on the back and forward issue.
Question 46. How Does Html_ajax Compare With The Xajax Project At Sourceforge?
Answer :
XAJAX uses XML as a transport for data between the webpage and server, and you don't write your own javascript data handlers to manipulate the data received from the server. Instead you use a php class and built in javascript methods, a combination that works very similiar to the HTML_AJAX_Action class and haSerializer combo. XAJAX is designed for simplicity and ease of use.
HTML_AJAX allows for multiple transmission types for your ajax data - such as urlencoding, json, phpserialized, plain text, with others planned, and has a system you can use to write your own serializers to meet your specific needs. HTML_AJAX has a class to help generate javascript (HTML_AJAX_Helper) similiar to ruby on rail's javascript helper (although it isn't complete), and an action system similiar to XAJAX's "action pump" that allows you to avoid writing javascript data handlers if you desire.
But it also has the ability to write your own data handling routines, automatically register classes and methods using a server "proxy" script, do different types of callbacks including grabbing remote urls, choose between sync and async requests, has iframe xmlhttprequest emulation fallback capabilities for users with old browsers or disabled activeX, and is in active development with more features planned (see the Road Map for details)
HTML_AJAX has additional features such as client pooling and priority queues for more advanced users, and even a javascript utility class. Although you can use HTML_AJAX the same way you use XAJAX, the additional features make it more robust, extensible and flexible. And it is a pear package, you can use the pear installer to both install and keep it up to date.
If you're asking which is "better" - as with most php scripts it's a matter of taste and need. Do you need a quick, simple ajax solution? Or do you want something that's flexible, extensible, and looking to incorporate even more great features? It depends on the project, you as a writer, and your future plans.
Question 47. What Browsers Support Ajax?
Answer :
Internet Explorer 5.0 and up, Opera 7.6 and up, Netscape 7.1 and up, Firefox 1.0 and up, Safari 1.2 and up, among others.
Question 48. How Do I Send An Image Using Ajax?
Answer :
While it may appear that images are being sent when using AJAX with an application like Google Maps what is really happening is that the URLs of images are being send as the response of an AJAX request and those URLs are being set using DHTML.
In this example an XML document is returned from an AJAX interaction and the category bar is populated.
<categories>
<category>
<cat-id>1</cat-id>
<name>Books</name>
<description>Fun to read</description>
<image-url>books_icon.gif</image-url>
</category>
<category>
<cat-id>2</cat-id>
<name>Electronics</name>
<description>Must have gadgets</description>
<image-url>electronics.gif</image-url>
</category>
</categories>
Notice that the image-url element contains the location of the URL for the image representing a category. The callback method of an AJAX interaction will parse the response XML document and call the addCategory function for each category included in the response XML document. The addCategory function looks up a table row element "categoryTable" in body of the page and adds a row to the element which contains the image.
<scrip type="text/javascript" >
...
function addCategory(id, name, imageSrc) {
var categoryTable = document.getElementById("categoryTable");
var row = document.createElement("tr");
var catCell = document.createElement("td");
var img = document.createElement("img");
img.src = ("images\" + imageSrc);
var link = document.createElement("a");
link.className ="category";
link.appendChild(document.createTextNode(name));
link.setAttribute("onclick", "catalog?command=category&catid=" + id);
catCell.appendChild(img);
catCell.appendChild(link);
row.appendChild(catCell);
categoryTable.appendChild(row);
}
</script>
...
<table>
<tr>
<td width="300" bgoclor="lightGray">
<table id="categoryTable" border="0" cellpadding="0"></table>
</td>
<td id="body" width="100%">Body Here</td>
</tr>
</table>
Note that the source of the image is set to the image source. The image is loaded by a subsequent HTTP request for the image at the URL "images/books_icon.gif" or "images/electronic_icon.gif" that occurs when the img element is added to the categoryTable.

Question 49. Will Html_ajax Integrate With Other Javascript Ajax Libraries Such As Scriptaculous? How Would This Integration Look Like?
Answer :
HTML_AJAX doesn't have specific plans to integrate with other JavaScript libraries. Part of this is because external dependencies make for a more complicated installation process. It might make sense to offer some optional dependencies on a library like scriptaculous automatically using its visual effects for the loading box or something, but there isn't a lot to gain from making default visuals like that flashier since they are designed to be asily replaceable.
Most integration would take place in higher level components. Its unclear whether higher level components like that should be part of HTML_AJAX delivered through PEAR or if they should just be supported by HTML_AJAX and made available from http://htmlajax.org or some other site. If your interested in building widgets or components based on HTML_AJAX please let me know.
HTML_AJAX does however offer the ability to use its library loading mechanism with any JavaScript library. I use scriptaculous in conjunction with HTML_AJAX and I load both libraries through the server.
To do this you just need to register the library with your server and load add its flag to your include line.
<?php
$this->server->registerJSLibrary('scriptaculous',
array('prototype.js','scriptaculous.js','builder.js','
effects.js','dragdrop.js','controls.js','slider.js'),
'/pathto/scriptaculous/');
?>
<script type="text/javascrpt" src="server.php?client=scriptaculous">
</script>

Question 50. When Should I Use A Java Applet Instead Of Ajax?
Answer :
Applets provide features like custom data streaming, graphic manipulation, threading, and advanced GUIs which AJAX cannot.
However, with the help of DHTML, the functionalities of AJAX can be extended further.
AJAX requires that the browser be DHTML and AJAX capable.
AJAX-based functionality does need to take browser differences into consideration due to which using a JavaScript library such as Dojo which abstracts browser differences is recommended.
AJAX/DHTML works well for applications where the latest browsers are used.
Question 51. What Kinds Of Applications Is Ajax Best Suited For?
Answer :
We don’t know yet. Because this is a relatively new approach, our understanding of where Ajax can best be applied is still in its infancy. Sometimes the traditional web application model is the most appropriate solution to a problem.
Question 52. Does This Mean Adaptive Path Is Anti-flash?
Answer :
Not at all. Macromedia is an Adaptive Path client, and we’ve long been supporters of Flash technology. As Ajax matures, we expect that sometimes Ajax will be the better solution to a particular problem, and sometimes Flash will be the better solution. We’re also interested in exploring ways the technologies can be mixed (as in the case of Flickr, which uses both).
Question 53. Where Can I Find Examples Of Ajax?
Answer :
While components of AJAX have been around for some time (for instance, 1999 for XMLHttpRequest), it really didn't become that popular until Google took. But Global Guide Line guide all of its viewers to learn AJAX from absolute beginner to advance level.
Question 54. What Is The Xmlhttprequest Object?
Answer :
It offers a non-blocking way for JavaScript to communicate back to the web server to update only part of the web page.
Question 55. Does Ajax Have Significant Accessibility Or Browser Compatibility Limitations? Do Ajax Applications Break The Back Button? Is Ajax Compatible With Rest? Are There Security Considerations With Ajax Development? Can Ajax Applications Be Made To Work For Users Who Have Javascript Turned Off?
Answer :
The answer to all of these questions is “maybe”. Many developers are already working on ways to address these concerns. We think there’s more work to be done to determine all the limitations of Ajax, and we expect the Ajax development community to uncover more issues like these along the way.
Question 56. How Do I Access Data From Other Domains To Create A Mashup With Java?
Answer :
From your JavaScript clients you can access data in other domains if the return data is provide in JSON format. In essence you can create a JavaScript client that runs operates using data from a different server. This technique is know as JSON with Padding or JSONP. There are questions as to whether this method is secure as you are retrieving data from outside your domain and allowing it to be excuted in the context of your domain. Not all data from third parties is accessible as JSON and in some cases you may want an extra level of protection. With Java you can provide a proxy to third party services using a web component such as a servlet. This proxy can manage the communication with a third party service and provide the data to your clients in a format of your choosing. You can also cache data at your proxy and reduce trips to service. For more on using a Java proxy to create mashups see The XmlHttpProxy Client for Java.
Question 57. Does Java Have Support For Comet Style Server-side Push?
Answer :
Current AJAX applications use polling to communicate changes data between the server and client. Some applications, such as chat applications, stock tickers, or score boards require more immediate notifications of updates to the client. Comet is an event based low latency server side push for AJAX applications. Comet communication keeps one of the two connections available to the browser open to continuously communicate events from the server to the client. A Java based solution for Comet is being developed for Glassfish on top of the Grizzly HTTP connector. See Enabling Grizzly by Jean-Francois Arcand for more details.
Question 58. How Do We Create A Thread To Do Ajax Polling?
Answer :
JavaScript does not have threads. JavaScript functions are called when an event happens in a page such as the page is loaded, a mouse click, or a form element gains focus. You can create a timer using the set Timeout which takes a function name and time in milliseconds as arguments. You can then loop by calling the same function as can be seen in the JavaScript example below.
function checkForMessage() {
// start AJAX interaction with processCallback as the callback function
}

// callback for the request
function processCallback() {
// do post processing
setTimeout("checkForMessage()", 10000);
}
Notice that the checkForMessage will continue to loop indefinitely. You may want to vary the increment the interval based on activity in the page or your use cases. You may also choose to have logic that would break out of the loop based on some AJAX response processing condition.
Question 59. Is The Xmlhttprequest Object Part Of A W3c Standard?
Answer :
No. Or not yet. It is part of the DOM Level 3 Load and Save Specification proposal.
Question 60. How Does One Call A Javascript Function From The Ajax Code?
Answer :
Ajax is a form of JavaScript, which uses XML Http Request objects that take action event parameters into a method called “open”. The term AJAX symbolizes Asynchronous Java script and XML, wherein there is no order in which the requests and responses are tracked.”XMLHttpRequest.open” takes action events as URL Parameters. On the other hand, “XMLHttp Request.send” sends the Request object either asynchronously or synchronously, depending on whether the option for the synchronous version is true or false.
Question 61. Can You List Some Examples Of Ajax-based Applications?
Answer :
Some applications and scenarios in which AJAX is utilized include login forms, auto-complete (e,g. Google search ), voting and rating systems, updating with user content, form submission and validation, chat rooms and instant messaging, Slicker UIs, external widgets, light-boxes (as opposed to pop-ups), and Flash (e.g. Flash games).
Question 62. Is Ajax A Browser-dependent Or A Browser-independent Script?
Answer :
AJAX is a browser-dependent technology. The Ajax engine runs on Firefox, Opera 8, Safari and later Mozilla builds, and the Microsoft ActiveX object.
Question 63. Describe The Animation Extender Control And The Method By Which This Control Is Utilized?
Answer :
The Animation Extender control permits you to program fluid animations to the controls that you put on the page. This control allows you to program elements that can move around the page based upon specific end user triggers (such as a button click). There are specific events available against which to program your animations. These events include “OnClick,” “OnHoverOver”, “OnHoverOut”, “OnLoad,” “OnMouseOver,” and
“OnMouseOut,” which are to be constructed as:
<ajaxtoolkit:AnimationExtender id=”ani” targetcontrolid=”anipanel” runat=”Server”>
<asp:panel id—“anipanel” runat=”server”>
</ajaxtoolkit:AnimationExtender>
Question 64. Does Load Runner Support Ajax Apps?
Answer :
Load Runner supports AJAX Apps. However, Ajax protocols in Load Runner are not as efficient as they are in HTTP. Yet, using HTTP to record AJAX web requires copious custom coding. AJAX protocols heavily depend on memory, and running more than 2GB of ram could cause the machine to freeze.
Question 65. Describe The Process And Benefits Of Using The Always Visible Control Extender?
Answer :
The Always Visible Control Extender authorizes a control to be pinned to a particular location. For example, when a control has been permanently set to be present at the left corner of the page, the control will be so in the prescribed left and right co-ordinates. This placement will apply, whenever the page is resized or scrolled.
Question 66. What Are Synchronous And Asynchronous Ajax Requests?
Answer :
During the initiation of synchronous requests, the script desists and awaits a reply from the server before proceeding; but during the initiation of asynchronous requests, the script sanctions the procession of the page and handles the reply.
Question 67. How We Can Send More Values Through The Response Text?
Answer :
We can send text values with the concatenation of ‘I’ operator and by splitting with the pipe operator like ’responseText.split(‘|’);’ If done properly, we would receive an array of our text. Now, we can access it, or we can use JSQN to send multiple text values in a array format.
Question 68. What Is The Predominant Distinction Between Javascript And J-query?
Answer :
JavaScript is a language, while j-query is merely a library written using JavaScript. This library is light-weight, cross-browser compatible, and simple. One can also assert that j-query is a plugin used to build function.
Question 69. When Should We Use A Java Applet Instead Of Ajax?
Answer :
Many amazing things can be done with AJAX/DHTML, but there are limitations. AJAX and applets can be used together in the same UIs, with AJAX providing the basic structure and applets providing more advanced functionality. The java applet can communicate to JavaScript using the Live-Connect APIs. One should not ask: “should we use AJAX or applets?” Instead, one should discover which technology best fits your needs. In summary, AJAX and applets need not be mutually exclusive.

Question 70. What Is The Difference Between A Destructor And A Garbage Collector?
Answer :
A destructor is a special member function of a class called as soon as an object is de-allocated, while a garbage collector is either a program or an application that de-allocates the memory of a formerly unreachable object.

------------------------------------------------------------------------------------------------------------