Meeting Minutes for September 12, 2006
Hi all,
We will have our monthly WebDev meeting tomorrow (Tuesday) afternoon beginning at 1:30 in 225 McWherter Library.
Items on the agenda include:
- UMdrive 'public' file listings
- People web server deprecation status
- U of M web privacy notice web page
- Securing PHP web applications – discussion and demonstration
- Member Items
Let me know if there are additional web projects or issues that you would like to discuss or report on.
Joe
Joe Matesich
Interim Director, University Web & Portal Services
Information Technology Division
The University of Memphis
311 Scates Hall
901-678-3876 (Office)
901-678-3061 (Fax)
matesich@memphis.edu
Meeting:
Items on the agenda include:
- UMdrive 'public' file listings - http://itweb2.memphis.edu/umdinfo - site created for UMdrive users to manage their UMdrive account by viewing which files are public, private, secured, etc. Intent: some files may be public without the user knowing. Users need to understand the permissions on files (read, execute, delete, etc.) and what each one results in.
This public notice site will be e-mailed to all UM users in a few days.
- People web server deprecation status - Oct 1 is deadline for "people" server going away. Info at movepeople.memphis.edu
- U of M web privacy notice web page - (http://testumwww.memphis.edu:7440/itd/notice.php) Marketing and Advancement initiative. UM policy Marketing / Advancement - Web Sites being established/created for notices, policies, and further information.
- Securing PHP web applications – Importance of securing web forms, with PHP demonstration.
Understanding authentication and authorization. Secure channels (i.e. insecure infrastructure). Spectrum portal contains its own LDAP and database record lookup; some applications start with an admin login to LDAP, then authenticate the client of the form itself.
Single sign-on service (Shibboleth) initiative - verifies the user once, then retains that info for the duration of the user's session.
Another issue is server permissions: sensitive information should have some type of authentication.
Web Administrators - secure connections should be contained and managed correctly. Use session variables. Avoid passing parameters in HTTP URLs.
Implementation Considerations - Demonstration https://itdev.memphis.edu/wssample - using session variables for admin and client authentication.
Sample site:
https://itdev.memphis.edu/wssample
PHP code for sample site:
https://umdrive.memphis.edu/g-webservices/webdev/phpauthexample
Session variables are retained in a file on that system.
WebDev users are encouraged to use this code to ensure security.
- Member Items
Spectrum - pay stub, etc.: is Spectrum secure? Tech Support proxy is being used; yes, secured.