Worldwide Web - Departmental Guidelines
Before running a Web server on the Departmental Network, approval must be obtained from the Department's Network Administrators (ip-register). This is both to ensure that the Department can monitor web page content for its suitability and in the interests of network security.
The Department believes that there are educational and other desirable benefits to users of computers in the Department being allowed to produce and publish their own Web pages. In order to comply with University rules, legislation and the proper use of national network funding, the following restrictions apply. These apply to all computer systems in the Department running Web servers (note particularly the guideline relating to server security).
- The use must comply with the University Information Strategy and Services Syndicate's
on interpretation and
Web Guidelines, and with the
for Use of the CUDN. These in turn require compliance with JANET Acceptable
and relevant legislation.
Some of the main points which these cover are that the material must not: be pornographic or defamatory; contravene the Data Protection Act; breach any copyright or trademark registration; or bring the University or Colleges into disrepute. One of the commoner improper uses is use of the University crest without permission.
There are also requirements under the Disability Discrimination Act for material to be as accessible as possible to disabled users.
- It must be clear to the reader of any page whether it is being published officially by the Department or privately by an individual. Privately published material must not contain any material which gives the impression that it is an official publication and must indicate who is publishing the material. Material published on behalf of the Department must be approved by someone authorised by the Head of Department to do so.
- Private Web pages are allowed on the understanding that they are for the
provision of information for non-profit-making purposes relating to the
individual publishing them. This may include academic and recreational
interests but must not extend to the provision of Web pages on behalf of a
third party (for which explicit permission must be obtained - see 4 below).
Additional disk space and other resources will not normally be provided for private Web pages unless the content is primarily academic and of relevance to the work of the Department.
- If Web pages are to be provided on behalf of a third party or for
profit-making purposes, permission
must first be obtained from the Computer Systems Committee by sending
a written request to the Secretary of the committee.
The Department will not normally provide space for Web pages on behalf of
a third party unless that person or organisation's activites are directly
related to and compatible with its own.
Note that the University Computing Service have facilities for providing Web pages for University societies and societies will normally be required to use these rather than departmental facilities.
- Particular care must be taken when using facilities which cause the Web server
to run additional programs (eg cgi-bin scripts) especially if these are to receive input
from a client Web browser. Unless such programs are very carefully written, attacks may
be made on the server or other machines by people using deliberately malformed input.
If one server in the Department can be compromised in this way, it may then be used to attack other machines. Alternatively, programs which generate email, if compromised, can be used to send nuisance email to other sites. Since these types of attack potentially affect the whole Department, carelessness of this type in setting up Web servers may be treated as a disciplinary matter.
In cases of doubt about the appropriateness of material intended for publication on the Web, please email webadmin. In any dispute about appropriate use of the Department's facilities for the provision of Web material, the Head of Department's decision is final. Contravention of these guidelines may be treated as misuse of a computer system and dealt with by the Information Strategy and Services Syndicate's disciplinary procedures.