Security Software Conflicts with AJAX?

ithyus needs help with the following: "My employer is running an e-commerce site that, until recently, our customers were quite happy to use. With increased traffic to the site we decided to implement AJAX to try to reduce the load on our database servers. In doing so, our customers have experienced all kinds of problems with security/privacy software such as Norton and McAfee. It seems that no matter what we do we can't make these programs happy. Bigger companies such as Google have documented work arounds for some of them, but we wouldn't be able to keep our docs current with all the software that's presently out there. I'd really like to know how Slashdot's readers have handled these issues. Since security programs don't appear to be compatible with the emerging features of the Internet, do you simply suggest that the customer disable the offending software or do you opt to offer some support for the more popular ones? Are those really the only two options? How do you justify your method?"

No way out

[unity100]

First, Ajax is not going to reduce your database load, if you do not use it like a cache for already performed query results in remote client pc. And even in that case, if you use query caching (in mysql for example), as most common queries will have been already cached, they wouldnt incur as much load as they would as they will be pulled out of the cache without an extra new query. Even if you go for "using as a cache to store the content in remote client pc" route, than there is the matter of uploading loads of content that many clients will not be even attempting to view, and in congested network routes your site might seem as being slow to come up.

As for security matter, there is indeed no way out i believe :

You, no matter what you use, are utilizing a remote processing power in a remote pc to process the content. That is actual compilaton of some sort of code to do something, and that is not just getting a plain text format html code and visually putting it in place.

As we have experienced that even images can be used to embed viruses, it is no joke or no surprise that there will come up viruses/exploits that are going to use such and such procedures of Ajax in ways unimaginable now to do mischief. Java is already something that the anti-virus guys and people are wary about, it is widely exploited to plant a phletora of stuff in visitor pcs. Just type "porn" to google, and visit the 10 sites that come up, or go deeper from a link, and voila, an example for the above situation.

Anti virus is never going to be easy and happy with ajax, that is for sure.

Anything that takes the work to client pcs can be exploited for mischief.