Department of Engineering

Worldwide Web - Departmental Guidelines

Web Servers

Before running a Web server on the Departmental Network, approval must be obtained from the Department's Network Administrators (ip-register). This is both to ensure that the Department can monitor web page content for its suitability and in the interests of network security.

Web Pages

The Department believes that there are educational and other desirable benefits to users of computers in the Department being allowed to produce and publish their own Web pages. In order to comply with University rules, legislation and the proper use of national network funding, the following restrictions apply. These apply to all computer systems in the Department running Web servers (note particularly the guideline relating to server security).

1. The use must comply with the University Information Strategy and Services Syndicate's Rules, the associated guidelines on interpretation and Web Guidelines, and with the Authorization for Use of the CUDN. These in turn require compliance with JANET Acceptable Use rules and relevant legislation.

   Some of the main points which these cover are that the material must not: be pornographic or defamatory; contravene the Data Protection Act; breach any copyright or trademark registration; or bring the University or Colleges into disrepute. One of the commoner improper uses is use of the University crest without permission.

   There are also requirements under the Disability Discrimination Act for material to be as accessible as possible to disabled users. The Department's House Style guidelines attempt to ensure this.

2. It must be clear to the reader of any page whether it is being published officially by the Department or privately by an individual. Privately published material must not contain any material which gives the impression that it is an official publication (eg significant elements of the House Style) and must indicate who is publishing the material. Material published on behalf of the Department must be approved by someone authorised by the Head of Department to do so and must conform to the House Style.

3. Private Web pages are allowed on the understanding that they are for the provision of information for non-profit-making purposes relating to the individual publishing them. This may include academic and recreational interests but must not extend to the provision of Web pages on behalf of a third party (for which explicit permission must be obtained - see 4 below). Additional disk space and other resources will not normally be provided for private Web pages unless the content is primarily academic and of relevance to the work of the Department.

4. If Web pages are to be provided on behalf of a third party or for profit-making purposes, permission must first be obtained from the Computer Systems Committee by sending a written request to the Secretary of the committee. The Department will not normally provide space for Web pages on behalf of a third party unless that person or organisation's activites are directly related to and compatible with its own.

   Note that the University Computing Service have facilities for providing Web pages for University societies and societies will normally be required to use these rather than departmental facilities.

5. Particular care must be taken when using facilities which cause the Web server to run additional programs (eg cgi-bin scripts) especially if these are to receive input from a client Web browser. Unless such programs are very carefully written, attacks may be made on the server or other machines by people using deliberately malformed input.

   If one server in the Department can be compromised in this way, it may then be used to attack other machines. Alternatively, programs which generate email, if compromised, can be used to send nuisance email to other sites. Since these types of attack potentially affect the whole Department, carelessness of this type in setting up Web servers may be treated as a disciplinary matter.