Webserve account agreement

Important:
On Webserve, PHP 7.1 will become the default version in spring 2018; however, PHP 5.6 will still be available until it is retired at the end of December 2018. For help specifying which version of PHP to use, see PHP server-side scripting language.

Webserve is a web hosting service and several subservices. To be entrusted with a Webserve service account, users of the Indiana University computing networks must accept certain responsibilities and agree to use their accounts in accordance with certain standards.

To request any service account, you must have agreed to the terms of the IU Acceptable Use Agreement. The Webserve agreement supplements the Institutional Data Acceptable Use Agreement by addressing the unique aspects of the Webserve service.

Information governance explained

The roles for Webserve data and information are as follows:

  • Webserve service account owner: These are faculty and staff members who have been assigned a Webserve service account as a result of a request for a new account, or have accepted the transfer of an existing Webserve service account to them. The Webserve service account owner is responsible for ensuring all policies and laws listed in the Institutional Data Acceptable Use Agreement are followed.
  • Webserve service account user: These are faculty and staff members who have been granted access to Webserve service account resources by the Webserve service account owner. The Webserve service account users are also responsible for ensuring all policies and laws listed in the Institutional Data Acceptable Use Agreement are followed.

Information classification explained

Only Public and University-internal data are suitable to be stored in a Webserve service account file system or database. Restricted and Critical data cannot be stored in a Webserve service account file system or database. For definitions of Public, University-internal, Restricted, and Critical data, see Data classifications. In addition, federally and state protected data, human subjects research data, and passwords cannot be stored in a Webserve service account file system or database. For more about data classifications, see What is sensitive data, and how is it protected by law?

Usage responsibilities

The following points detail your responsibilities as you access, use, or handle information or information technology (IT) at IU.

Secure usage

You agree to:

  • Secure the Webserve service account. Limit distribution of passwords to only the users that require access. Change the password whenever anyone that knows the password leaves. When possible use the Siteshare subservice to grant access to the service account file space to service account users.
  • Before giving a user the password assure the user agrees to the terms of the "Institutional Data Acceptable Use Agreement" and this document.
  • Ensure file and database permissions are secure. No directory should be world writable. No database login should have permissions greater that absolutely necessary.
  • Request a web application security scan prior to adding any software in the account and rescan after any change.
    • Software refers to files containing Perl, PHP, or Javascript.
    • Scan in the Webserve test environment to avoid adversely impacting your application and Webserve users.
    • For related information and to request a scan, see Vulnerability Scanners.
  • Ensure file uploads only occur in directories without execute permissions.
  • Use secure programming practices such as ensuring web requests are checked for threats such as SQL injection and cross-site scripting before being processed and ensuring forms are protected from bot posting.

Sanctions

Failure to comply with these standards will be dealt with seriously, and may result in service account lockout, i.e., the removal of web and account owner access. Minor violations will be reported to the service account owner so they can address the problem. More serious violations, or failure to address minor violations, will result in account lockout. Restoring access in the event of a lockout will be addressed on a case-by-case basis depending on the violation.

The Web Services Support team, WebTech team, UISO, and UIPO reserve the right to access the service account file space and database for troubleshooting purposes. The service account owner will be informed of any changes made. Although most violations will be addressed by permission changes, other changes could be made if warranted.

Assent

To be entrusted with access to Indiana University data and information, and access to IT accounts, systems, and applications, new or continuing faculty or staff employees must accept these responsibilities and standards of acceptable use. By accepting these terms, you agree to follow these rules in all of your interactions.

If you choose not to accept these standards of behavior, you may be denied access to the Webserve service and any of its subservices.

This is document bfid in the Knowledge Base.
Last modified on 2017-07-01 00:38:33.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.