> > I am looking for a bank with an internet bank that runs using only > > Free software.
Is this some kind of religious thing? Whatever the web frontend is, the backend is likely to be IBM mainframes. > If you are looking at it from a client point of view I assume, in > which case, both > DBS[1] and Standard Chartered[2] work just fine. In fact, I think SCB > is better only > because it does not need Java per se - which, in my mind, makes the app run > leaner. The SCB site atleast works on my mobile phone! I use DBS, and I know that they use a Java applet during login. (I uninstalled JDK from my PC, and my Internet banking stopped working, doh!) I've heard that the applet supposedly encrypts the PIN; i.e., on top of the HTTPS session, the login applet does an additional encryption. I was told this could have been due to some MAS "recommendation", rationale being that HTTPS terminates at the front end web server, or maybe the SSL accelerator in front of the web server. Given that the typical Internet banking web application could involve some middleware thingy (WebLogic, WebSphere, etc.), some database thingy, and the mainframe backend, the double encryption is to ensure the PIN does not appear in the clear anywhere within the bank's network. Since you say SCB's works without Java, maybe they use Javascript to do the PIN encryption? Or, maybe they just don't. Cheers. _______________________________________________ Slugnet mailing list [email protected] http://wiki.lugs.org.sg/LugsMailingListFaq http://www.lugs.org.sg/mailman/listinfo/slugnet
