WebDev - Web Developers

University of Memphis Photo
WebDev Meeting Minutes for September 12, 2006 Related Topics:

WebDev Meeting Minutes for September 12, 2006

Hi all,

We will have our monthly WebDev meeting tomorrow (Tuesday) afternoon beginning at 1:30 in 225 McWherter Library.

Items on the agenda include:
  • UMdrive ‘public' file listings
  • People web server deprecation status
  • U of M web privacy notice web page
  • Securing PHP web applications – discussion and demonstration
  • Member Items

Let me know if there are additional web projects or issues that you would like to discuss or report on.

Joe

Joe Matesich
Interim Director, University Web & Portal Services
Information Technology Division
The University of Memphis
311 Scates Hall
901-678-3876 (Office)
901-678-3061 (Fax)
matesich@memphis.edu


Meeting:

Items on the agenda include:
  • UMdrive ‘public' file listings - http://umwa.memphis.edu/umdinfo- site created for users of UMdrive to manage their UMdrive account; by viewing files that are public, private, secured, etc. Intent: some files may be public without user knowing. Users understanding permissions on files; read, execute, delete, etc.; and understanding of what results each pose.

    This public notice site will be e-mailed to all UM users users in a few days.

  • People web server deprecation status - Oct 1 is deadline for "people" server going away. Info at movepeople.memphis.edu
  • U of M web privacy notice web page - (http://testumwww.memphis.edu:7440/itd/notice.php) Marketing and Advancement initiative. UM policy Marketing / Advancement - Web Sites being established/created for notices, policies, and further information.
  • Securing PHP web applications – Importance of securing web forms with PHP demonstration.
    Understanding authentication and authorization. Secure channels (i.e. insecure infrastructure). Spectrum portal contains it's own LDAP, database record lookup, some applications start with admin login to LDAP then authenticate client of the form itself.

    Single sign-on service(shibboleth) initiative - verifies user once, then retains that info for duration of a user's session.

    Another issue of server permissions; sensitive information; should have some type of authentication.

    Web Administrators - secure connections should be contained and managed correctly. Use session variables. Avoid passing parameters in http URLs.

    Implementation Considerations -
    Demonstration https://itdev.memphis.edu/wssample - using session variables for admin and client authentication.

    Sample site:

    https://itdev.memphis.edu/wssample

    PHP code for sample site:

    https://umdrive.memphis.edu/g-webservices/webdev/phpauthexample

    Session variables are retained in a file on that system.

    WebDev users encouraged to utilize these codes for ensuring security.

  • Member Items
    spectrum - pay stub, etc is Spectrum secure?
    Tech Support proxy being used; yes, secured.
Meeting Minutes for 2014 Meeting Minutes for 2013 Meeting Minutes for 2012 Meeting Minutes for 2011 Meeting Minutes for 2010 Meeting Minutes for 2009 Meeting Minutes for 2008 Meeting Minutes for 2006 Meeting Minutes for 2005 Meeting Minutes for 2004 Meeting Minutes for 2003
Text Only | Print | Got a Question? Ask TOM | Contact Us | Memphis, TN 38152 | 901/678-2000 | Copyright 2013 University of Memphis | Important Notice | Last Updated: 
Information Technology Services | 100 Administration Bldg. | Phone: 901.678.8888 | Email: UMTech@memphis.edu
Last Updated: 3/23/14