How to not write code for banks

No comments
While surfing the interwebs, I stumble upon this one company, which has been providing  a lot of applications to the Malaysia local banks (hereinafter referred to as Vendor ABC).

So, me being me, with a lot of curiosity.. I started poking around with the demo site provided by Vendor ABC. Upon some time, I found one very interesting finding..

This application have a XMLRPC web service, exposed few services to the client
The code:

So basically, this XMLRPC web service expose three methods: query, insertcall and updatecall. From the name itself, everyone can guess, what this function actually does.. lol

The query method code:


All these exposed XMLRPC web service can be access without any authentications.. Hahaha

Upon quick google search, reveal that out of 8.. Only more than two, but less than four banks doesn't use this application.


List Source: http://www.bnm.gov.my/index.php?ch=li&cat=banking&type=CB&sort=lf&order=desc

Ok Bye.

No comments :

Post a Comment