Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why do we not see much AJAX in secure applications like internet banking?

Can someone list with references / evidences if possible, why we don't see much AJAX in secure web applications like internet banking?

For instance - Internet banking has a list of tabs for Accounts, Payments, Tools, Reports. Normally you'd see these implemented as links to different pages. Why couldn't you just have one page and use AJAX to load the content of the different tabs? (eg. a JSF RichFaces tab control)

I'm assuming that bookmarking and handling the back button (or disabling it as is common for internet banking) for the different URLS will be handled in either scenario. So I'd like to hear other things, like how it could affect security, performance etc?

My team is about to start building a web based payment management system (think setting up payments, managing client account balances, reconciliation etc.). Its not going to be making the actual payments, but it will at some point integrate with a leading bank's internet banking system.

We're divided over using one page and using AJAX for everything else

or

using AJAX only where its really helping user experience.

like image 639
Moin Zaman Avatar asked Oct 06 '10 17:10

Moin Zaman


2 Answers

I have a counterexample for you. I'd say mint.com fits into the same category as internet banking sites, and they make heavy use of Ajax. I'd also hazard a guess that their security is better than most banks, but I have no proof of that. The banks just "feel" like they're cobbled together by Highly Paid Consultants, rather than developers who know what they're doing. Mint is a fairly recent startup, and their site design still shows the control the developers have/had.

like image 23
rmeador Avatar answered Oct 23 '22 04:10

rmeador


Ajax can improve usability but adds complexity.

  • http://www.useit.com/alertbox/web-2.html

Banks need security.

  • http://www.which.co.uk/money/bank-accounts/reviews-ns/online-banking-security/compare-online-banking-security/

Complexity is the enemy of security.

  • https://www.schneier.com/blog/archives/2018/06/thomas_dullien_.html
  • http://www.educause.edu/Resources/SecurityStandardsComplexityIst/162968
  • http://portal.acm.org/citation.cfm?id=1218063.1217951

Therefore Ajax is the enemy of Banks ;)

like image 117
Day Avatar answered Oct 23 '22 06:10

Day