just wondering if there could be any issue building a shopping cart using Backbone.js and more specifically if there were any security issues using hash-bangs over HTTPS?
Also I guess I can POST credit card details through AJAX, correct?
Cheers,
You still need robots.txt to keep your urls from being indexed, even if you're using HTTPS. The #! (hashbang) as opposed to # (hash) provides a way to index sites by their url fragment. Instructions for disallowing are on the google page about indexing hashbang. In practice you likely won't have to worry about it because google's crawlers aren't authenticated and won't index an error. But if a Google Toolbar is installed the URLs with fragments may be sent to Google before Google determines that the URL+fragment will not be indexed. To simplify things, you could use # instead of #! after logging in; a # deep link will not be indexed.
If a request is made through HTTPS, it's encrypted, whether it's AJAX or not. If your backbone model url starts with https://, it will either send it encrypted or fail. From a network eavesdropping perspective, it's the same as posting without AJAX.