Slashdot Mirror


Security Software Conflicts with AJAX?

ithyus needs help with the following: "My employer is running an e-commerce site that, until recently, our customers were quite happy to use. With increased traffic to the site we decided to implement AJAX to try to reduce the load on our database servers. In doing so, our customers have experienced all kinds of problems with security/privacy software such as Norton and McAfee. It seems that no matter what we do we can't make these programs happy. Bigger companies such as Google have documented work arounds for some of them, but we wouldn't be able to keep our docs current with all the software that's presently out there. I'd really like to know how Slashdot's readers have handled these issues. Since security programs don't appear to be compatible with the emerging features of the Internet, do you simply suggest that the customer disable the offending software or do you opt to offer some support for the more popular ones? Are those really the only two options? How do you justify your method?"

6 of 84 comments

  1. Answered Own Question? by conJunk · · Score: 3, Insightful

    ummm.... You answered your own question, didn't you? The link to Google's "work arounds" seems to be the answer. These aren't work arounds, they're specific steps for authorizing your site with the AV software. Just make your own document similar to Google's and direct customers to it.

  2. Don't ask customers to be vulnerable by Siergen · · Score: 3, Insightful

    Over the years I have had 3 on-line merchants ask me to disable or uninstall my network security software to access their site. I immediately stopped shopping at each of them. They were not selling anything worth the risk of being connected to the Internet with no protection, and I doubt that you are selling anything worth that risk either...

  3. You know... by NeoThermic · · Score: 4, Insightful

    There is a quick and simple answer to this one. Detect if the AJAX is not working (or let the user specify they do not wish to use AJAX), and send a document that can do the same end results as the AJAX version, but (and wait for it), without AJAX.

    If you are designing programs that can be potentially used by many thousands of users, you can not afford to write programs that only cater for those who wish to play by *your* game. A good few of them will refuse and use another software.

    NeoThermic

    --
    Use my link above, or to view my server, NeoThermic.com
  4. Graceful degradation usually fixes this by Bogtha · · Score: 4, Insightful

    The kinds of things security software disables should be non-essential anyway. For instance, ActiveX disabled in Internet Explorer will stop you from using XMLHttpRequest, but that throws an error that you can catch, and your fallback behaviour for non-JavaScript users can be used.

    Whenever I see somebody complaining about software interference with web applications, it's virtually always because they've cut corners and neglected to code appropriate fallback behaviour when browsers don't support a particular feature. Unfortunately, it's impossible to give you specific advice because you've unhelpfully neglected to mention anything specific at all about the problems you are having.

    As somebody else mentioned, if your goal is to reduce load on your databases, then this can be achieved through other means. For instance, caching (both page fragments, and HTTP caching) can significantly reduce load if most of your transactions are reads that apply to multiple users.

    --
    Bogtha Bogtha Bogtha
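
The fallback behaviour described in comments 3 and 4, as an added example that is not part of the thread or any poster's code. The names `createXhr`, `submitModeration`, the `env` parameter (a stand-in for the browser's `window`) and the `form.body` field are hypothetical.

```javascript
// Added example. env stands in for window so the logic can be exercised outside a browser.
function createXhr(env) {
  // Native object first; security software or browser policy may remove or block either path.
  if (env.XMLHttpRequest) {
    try { return new env.XMLHttpRequest(); } catch (e) { /* blocked: try the next option */ }
  }
  if (env.ActiveXObject) {
    // With ActiveX disabled in Internet Explorer this constructor throws; catch it.
    try { return new env.ActiveXObject("Microsoft.XMLHTTP"); } catch (e) { /* fall through */ }
  }
  return null; // no transport available: the caller keeps the plain form post
}

// Returns "ajax" when the submit was sent in the background, or "form" when the
// browser should carry on with the ordinary full-page submit.
// form.body is assumed to hold the already URL-encoded fields.
function submitModeration(env, form, onDone) {
  const xhr = createXhr(env);
  if (!xhr) return "form";
  try {
    xhr.open("POST", form.action, true);
    xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    xhr.onreadystatechange = function () {
      if (xhr.readyState !== 4) return;
      // A filtering proxy can drop or rewrite the response; anything other
      // than 2xx falls back to the normal page-reloading submit.
      if (xhr.status >= 200 && xhr.status < 300) onDone(xhr.responseText);
      else form.submit();
    };
    xhr.send(form.body);
    return "ajax";
  } catch (e) {
    return "form"; // open/send refused by policy
  }
}

// In a page (assumed wiring): returning true lets the browser submit normally.
// formEl.onsubmit = function () {
//   return submitModeration(window, formEl, showResult) === "form";
// };
```

The server still has to accept the ordinary form post, so a customer whose security software blocks the background request gets the same result with a page reload.
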
  5. Re:Eh? by Bogtha · · Score: 5, Informative

    Explain to me how creating more HTTP requests by using AJAX is going to decrease your database load.

    Simple. Let's take Slashdot moderation as an example. Last time I saw it, it included a drop-down for each comment, and the ability to submit your moderation for all comments. When the form is submitted, the user-agent transmits the moderation status for each comment to the server, and reloads the entire page. This entails not only wasting bandwidth (by transmitting all comment statuses instead of only those that have been altered), but also a high cost because even if you only moderate one comment, a page with potentially hundreds of comments has to be sent back to you.

    A moderation system that uses Ajax to submit comments, on the other hand, sends only one status for only one comment, and doesn't have to reload the page with hundreds of comments, because all it needs is a simple success or failure flag in return. Thus, if you moderate five comments, you might make five requests, but those requests are tiny compared with the single massive request that the non-Ajax version needs to make.

    In the more general case, it may very well be that some database queries simply don't need to be made in most cases, but do in a minority of cases upon certain user interactions. In these cases, without Ajax, you are stuck performing the queries preemptively for all users, instead of only in the minority of cases where it is needed.

    Thinking "more HTTP queries == worse performance" is an incredibly superficial analysis and neglects many important factors.

    --
    Bogtha Bogtha Bogtha
  6. Re:Just stop using Ajax by nickovs · · Score: 4, Insightful

    Really, it was presumptuous of you to try to foist your server load problems off onto your clients. Yeh, Ajax has "buzz" and all, but to most people it's just damned stupid.

    This indicates a complete lack of understanding of why developers are turning to AJAX. The point is not that they want to foist their server load problems on the client. The point is that they are trying to give their users a more responsive experience. Reducing the burden on the server is one effective way to do this.

    When we were all on the far end of 14K4 modems, a few seconds of latency at the server went more or less unnoticed. Now that most of us have broadband, people complain if the information does not at least appear to arrive instantly. AJAX, when used properly (and I concede that it is not always used properly) is about having web sites that only move the change information back and forth, without moving all of every page when little has changed. This reduces the traffic between the client and server in both directions and can improve responsiveness as a result. Google Maps is a classic example of this; by moving the map tiles around locally in JavaScript and only asking the server for the missing tiles as they are needed makes for a much more interactive experience. The fact that the map tiles are all static content is a bonus, but it's not the end goal.

    --
    If intelligent life is too complex to evolve on its own, who designed God?