Skip to main content

TD Canada Trust and Online Security


For the past few weeks I've been unable to access the TDEasyweb site. Today I discovered that it's because "TD made a corporate decision to only support Windows and Mac".

I have a few problems with this. Personally, it's a hassle because I can no longer use their easyweb site unless I go borrow someone else's computer. This seems like an anti-security measure. It's extra insult because of the way it was not communicated responsibly.

I have a bigger problem because the response I got when I talked to a manager was that the only way of dealing with it was to write to a customer feedback email address. And the reality is, if not enough people complain, then they won't do anything about it. Basically, treating my issue as one of personal preference, rather than one of technical choices and security.

But on-line security is not at all a matter of personal preference. If a majority of users decided they didn't want as many security precautions as they've got, then would that mean you should remove them? I don't think so, and I don't think anyone else does either, but that might be what you'd get if you held a vote.

To add insult to injury: people don't use Windows just because "they prefer it". Most people's technical choices are governed by a much more complicated ecosystem of supply and capitalism and monopolies and corporate choices and evolving technologies.  And Windows computers are responsible for most of the worlds security issues - for lots of reasons. So TD's decision is reinforcing the serious internet security issue that we already have.

More specific to this issue - what actually happens when I try to use their system is that I get a "Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data." So that means, in implementing their new 'security' measure (presumably as a result of the Denial of Service attacks last month), I'd guess they have decided to filter incoming requests based on the user agent, and to only accept those that are in their "support" options. This sort of makes sense because it excludes old Windows IE users, which it should, but it's a terrible way to solve their problem, which it doesn't, because that's only a small part of the problem.

[Update later today: I've had no reply from TD, but a simple experiment shows me that my guess above was correct, i.e. they're filtering the incoming traffic based on the user agent string. I used the standard development tool with Chrome to use the IE9 user string, and voila, it connects. So my personal problem is easily fixed this way, and anyone else who's using a 'non-supported' platform. I'm really not impressed ..]

TD Bank Technical Department: I have written to you, please reply.

Popular posts from this blog

Orchestrating Drupal + CiviCRM containers into a working site: describing the challenge

In my previous posts, I've provided my rationale for making use of Docker and the microservices model for a boutique-sized Drupal + CiviCRM hosting service. I've also described how to build and maintain images that could be used for the web server (micro) service part of such a service.

The other essential microservice for a Drupal + CiviCRM website is a database, and fortunately, that's reasonably standard. Here's a project that minimally tweaks the canonical Mariadb container by adding some small configuration bits: https://github.com/BlackflySolutions/mariadb

That leaves us now with the problem of "orchestration", i.e. how would you launch a collection of such containers that would serve a bunch of Drupal + CiviCRM sites. More interestingly, can we serve them in the real world, over time, in a way that is sustainable? i.e. handle code updates, OS updates, backups, monitoring, etc? Not to mention the various crons that need to run, and how about things like…

The Tyee: Bricolage and Drupal Integration

The Tyee is a site I've been involved with since 2006 when I wrote the first, 4.7 version of a Drupal module to integrate Drupal content into a static site that was being generated from bricolage. About a year ago, I met with Dawn Buie and Phillip Smith and we mapped out a number of ways to improve the Drupal integration on the site, including upgrading the Drupal to version 5 from 4.7. Various parts of that grand plan have been slowly incorporated into the site, but as of next week, there'll be a big leap forward that coincides with a new design [implemented in Bricolage by David Wheeler who wrote and maintains Bricolage] as well as a new Drupal release of the Bricolage integration module.PlansApplication integration is tricky, and my first time round had quite a few issues. Here's a list of the improvements in the latest version:File space separation. Before, Drupal was installed in the apache document root, which is where bricolage was publishing it's content. This …

IATS and CiviCRM

Update, Nov 2009: I've just discovered and fixed a bug I introduced in the 2.2 branch for the IATS plugin. The bug was introduced when i updated the API files from IATS and failed to notice that the legacy method for C$ one-time donations was no longer supported.
If you're using a version greater than or equal to 2.2.7, and are using IATS for C$, non-recurring donations, then you're affected.
To fix it edit the file : CRM/Core/Payment/IATS.php, and remove the line that looks like this:

$canDollar = ($params['currencyID'] == 'CAD'); //define currency type The full fix removes a conditional branch based on that value a little further on, but by removing this line, it'll never actually use that branch. Drop me a line if you have any questions.
Update, May 2009: This post is still getting quite a bit of traffic, which is great. Here are a few important things to note:
The IATS plugin code is in CiviCRM, you don't need to add any code.You do still …