
Web Development

About This Policy

1. Purpose

The State University’s Information Technology Division (IT) has adopted a web application development platform consisting of specific operating systems, web servers, databases, and programming tools that can be used to host web applications developed in-house or by outside contractors. The purpose of this document is to define the components of the University’s supported web development platform, coding standards, and testing and approval process so that applications can be developed in a manner consistent with accepted interoperability and security practices and be fully compatible and supportable in our environment.

2. Scope

Any University division, department, or individual that develops applications that will run on IT or departmental computing platforms. This includes both web-based and traditional client/server based applications.

3. Acceptable Technologies

In general, in-house developers or outside contractors hired to develop custom web-based applications for use on IT supported servers should develop those applications using open-standards protocols, languages, and tools. IT defines open standards as:

“A technology whose specifications are published and freely available, (ex. HTML, XML, PHP, Java) and sufficiently detailed such that applications written according to the specification will work with any other software or platform designed for compliance with said specification.”

The list of acceptable open-standards technologies supported by IT includes but is not limited to:

  • Java / JSP / JavaEE (Java is IT’s preferred platform for all application development)
  • PHP 5 or higher.
  • W3C standards-compliant HTML, XHTML, CSS, DHTML, XML, DOM.
  • Javascript / ECMAScript
  • Python
  • Ruby
  • SSL / TLS
  • Apache Tomcat /
  • SQL standards such as SQL-92, 99, or 2003 (vendor-specific SQL extensions should be avoided)

Note: Web developers intending to use any technologies other than those listed above must consult with IT before any development work begins. IT cannot guarantee application compatibility with our existing infrastructure if non-supported technologies are used for development or deployment.

4. Platform and Functionality Considerations

To ensure application compatibility within MSU’s campus computing infrastructure, web application developers should keep the following in mind:

  • Production web application servers at MSU primarily use Apache 2, running on Linux, Solaris, and Windows Server platforms.
  • Microsoft’s IIS web server and/or Active Server Pages (ASP) technologies are supported only when required by third-party applications.
  • While IT primarily uses Apache Tomcat, all Java web application code must be written to run in any J2EE 6 or higher-compliant web application container architecture.
  • Microsoft SQL Server is supported by IT for traditional client-server database applications. However, the preferred database platforms for web-based applications are Postgres, MySQL, and Oracle 11g.
  • Web-based applications must support recent versions of all popular web browsers, including Mozilla Firefox 17 or higher, Internet Explorer 10 or higher, and Safari 5 or higher. Adhering to W3C web standards is the best way to ensure this compatibility.
  • Any user authentication mechanisms must provide an encrypted (SSL) HTTPS connection for the login screen to avoid transmitting username and password information in plain text. IT can provide SSL certificates upon request.
  • Authentication mechanisms that utilize MSU NetIDs must be done via an encrypted, anonymous bind to the campus LDAP server. Where applicable, user authorization should be handled via LDAP groups.
  • Any file transfer operations, SQL queries, or directory service lookups must occur over a secure channel such as SSL, SFTP, or SCP.

5. Application Validation, Testing, and Development Lifecycle

  • Applications should be designed based on the platform, tools, and data connectivity guidelines presented in this document and other related University policy documents such as Safeguarding Sensitive and Confidential Information and Secure Directory Services Access for User Authentication and Authorization.
  • Functional requirements for applications should consider all appropriate University policies, industry guidelines, and state and federal regulations regarding secure access, handling of sensitive data, and protection of personally identifiable information (PII) or financial records. Examples include HIPAA, FERPA, and PCI-DSS.
  • Whenever possible, application development will be performed in a secure ‘dev’ or ‘test’ environment that is isolated from the Internet and may have limited or no access to the University’s production server farm and campus network.
  • Prior to moving an application from the dev/test environment to production use, the application will be scanned by IT’s Systems and Security Group for known security vulnerabilities using automated tools such as WebInspect, AppScan, or other commercial and open-source utilities. Application developers are encouraged to request periodic security scans during the development process (i.e. at each milestone of the project) to proactively address security vulnerabilities and reduce the likelihood of issues arising during the final pre-production scan.
  • When the pre-production application scan has been completed, the application will be moved into the appropriate production environment and any required external firewall rules for remote communication will be enabled.
  • IT’s Systems and Security Group will periodically re-scan applications that are in production use to ensure that they are not vulnerable to new attack methods.
