Epic fail! For the past few days, I had been hearing people ranting about the new site on Twitter, Facebook and my IM.
I haven't been using my Maybank account (basically abandoning it unless there's a need to M2U to some friends for convenience's sake, oh.. and, it has more ATM machines than HSBC, that is true) for the past 2 months ever since I changed my job.
As I am NOW doing some bookkeeping, as well as to experience the pain others are suffering, I convinced myself to log into the site. Clicking on "Transaction History", the cool Ajaxy waiting icon appeared and.. woohoo, a few tens of seconds later:
Ah, ArrayIndexOutOfBoundsException, caused by a JSP tag. I don't want to know what else they're doing with Struts and in the JSP, but surely, these guys wrote some shit to make almost every customer suffer.
- yc
11 comments:
I was able to reproduce the error with:
Collections.emptyList().get(0);
The stack trace generated is:
Exception in thread "main" java.lang.IndexOutOfBoundsException: Index: 0
at java.util.Collections$EmptyList.get(Collections.java:2975)
at Maybank2uIsOneEpicFailure.main(Maybank2uIsOneEpicFailure.java:14)
Now, I'm not sure that's a fluke or pure incompetency. Worries me that code like this exists in a banking app...
I had the same yesterday..
I managed to get the actual display on the "account & banking" tab... but it's terribly slow.. so I did my transaction on the classic M2U.. although it's slow too, it can make the transaction go through... (maybe affected by the new version problem too). What app server are they using?
anak perelih: Looks like it's something called BroadVision. Some app server that I have never heard of.
yc
yc: BroadVision is the vendor's name, look at the stack trace at com.broadvision.servlet... kind of a naming convention for the company's package name.
I actually did a Google search and found some guys wanted to use Struts within BroadVision. So I would suspect they have their own J2EE app server.
It's still a wild guess after all.
yc
So is it a serious security issue?
Hi there,
Whether there's a security issue behind this new site, I do not know. I'm not a security expert.
yc
Then it's SAD to see some other people condemning the security vendor and the development unit for what seems to be an application error. It is damn slow anyway. Glad you highlighted it though.
I guess people are worried about the quality of work being produced. Security is a big thing and if these guys could not handle things well at the front-end level, we won't know how many loopholes could be created by them.
Think about XSS and XSRF too.
Pretty valid assumption.
yc
I guess the guys behind M2U have no idea what XSS and XSRF are, anyway... haha