Google’s AJAX Generator

As reported by Slashdot, Google has announced the Google Web Toolkit (GWT) which allows web developers to create AJAX applications in Java. The GWT then translates the Java code into client-side code. The client-side code is either Java bytecode (“hosted mode”) during development or JavaScript and HTML (“web mode”) for production deployment.

It should be noted that the GWT is not without privacy concerns. As clearly stated by Google, hosted mode does send some information back to Google:

Privacy notice: When you use the Google Web Toolkit’s hosted web browser, the application sends a request back to Google’s servers to check to see if you are using the most recent version of the product. As a part of this request, Google will log usage data including a timestamp of the date and time you downloaded the Google Web Toolkit and the IP address for your computer. We won’t log cookies or personal information about you, and we will use any data we log only in the aggregate to operate and improve the Google Web Toolkit and other Google Services. Please see the Google Privacy Policy for more information.

Since this information is only sent in hosted mode, it will mostly apply to developers. A deployed system would use web mode which does not appear to contact Google. Of course, depending on the security requirements of a deployed application, one would want to audit the generated JavaScript and HTML code as a bug (or worse) in the GWT could lead to security holes. To see what I mean, read the classic Ken Thompson’s ACM Turing Award lecture, Reflections on Trusting Trust (PDF).

While this kind of technology has been around for a while, the fact that Google has published their own toolkit may lead to a de facto standard. I expect to take the GWT for a spin soon.

Leave a Reply