The Web Service: Resource and Security

When you're creating Ajax applications, unless you're using only others' web services, you'll be creating your own. When developing web services, you face choices such as whether to provide a public interface and, if you do, what your plan is if your service suddenly becomes popular. If you do decide to keep your services private, what kind of security do you need to ensure this privacy?

In the hours before del.icio.us released its tagometer (web widgets that show tags associated with a page), a discussion broke out about its JSON endpoint. "Why not provide an API that provides XML or supports other services?" was the comment. Of course, once the badges were released, it became obvious that the JSON endpoint was for use in these badges, but by that time, enough interest was generated that the company that owns del.icio.us (Yahoo!) left the endpoint "exposed."

This is an excellent demonstration of the dangers inherent to an Ajax application—if the data is easy for your application to access, it could also be easy for other people to access. The question then becomes, "Do you want to expose your web service APIs or endpoints to external access?"

If yours becomes a popular service, you could be looking at a significant expense in bandwidth and server costs, but think of all the free publicity, not to mention the goodwill you'll accrue.

If you do provide a popular service, and bandwidth and resource usage becomes a problem, one way you can cut costs is ...
