280 likes | 417 Views
Portal User Group Meeting. April 29, 2010. Agenda. Welcome Accessibility Committee Updates & Reminders DSF.Net Portal Upgrade LMS Demonstration Open Discussion DSF.Net Demonstration (Optional). Accessibility Committee Update. Updates & Reminders.
E N D
Portal User Group Meeting April 29, 2010
Agenda • Welcome • Accessibility Committee • Updates & Reminders • DSF.Net Portal Upgrade • LMS Demonstration • Open Discussion • DSF.Net Demonstration (Optional)
Classic DSF Reminder – Expiration Dates • Folders can be set to automatically unpublish content on a specified date • Folders should be set with this feature off unless the folder is using browse page with dates • We have been finding some folders with the Effective Date feature activated, so content is expiring • Use Custom Webpages (2448) settings when creating a new folder • System sends an email three days before it is unpublished. Adminstrators should check them when they come in
Reminders – Upgrading to IE 8 • Classic DSF System Admins should NOT upgrade to Internet Explorer 8 (IE 8) • IE 8 causes some errors within the Editor • DOIT has not yet pushed out IE 8, and IE 8 is not standard State of Connecticut software
New Guideline – State Holidays • We have received complaints from the public that they did not know an agency was closed due to state holiday or furlough day • To remedy this issue we recommend agencies add a link to the full state holiday’s on their Contact Us page • Also, if you utilize a calendar on your site, all the holiday’s and furlough days should be listed if your offices will be closed • If you are a direct service agency you may also want to consider a notice on your home page for the week prior to the holiday or furlough
Request for Service (RFS) Reminder • All requests and problems are reviewed and tracked at an agency level • To assist us, please make sure you fill out the portal request form when you need something from us • If you have a problem that needs immediate assistance, please call the help desk at 860-622-2300. They will track us down 24/7 for problems
V3 Template Update • 39 sites are now on the V3 template • 19 Sites are in progress • We’d like to move all agencies to the new template. If you are ready to work with us please fill out request form at http://www.ct.gov/cpi/cwp/view.asp?a=3371&Q=416040
Visitor Statistics • WebTrends is still running • All data analyzed will be kept and available to Agencies for the foreseeable future • We’ll change over to Google Analytics when the privacy policy is updated and approved
Privacy Policy • Google Analytics uses persistent cookies, which violate the current Privacy Policy • We started to review the Privacy Policy to address this issue • We realized it needed more work, so the entire policy is being re-written • We expect to submit the new Policy for approval in May
Social Media Policy • DOIT is working on a new Social Media Policy for: • Agencies creating a Social Media presence • How should employees interact with these sites • Once a draft is ready, we will start a small working group to review it • If you are considering a social media presence, feel free to contact us to discuss this Policy
Form Vulnerabilities –Security Issues From May 14, 2008Portal User Group Meeting • Security Issues • Scrubbing Forms Input • Denial of Service Protection Mechanisms • Malicious Injection • Data Validation
Form Vulnerabilities –Security Issues • http://www.cert.org/advisories/CA-1997-25.html • If user-supplied data is not sufficiently sanitized, local and remote users may be able to execute arbitrary commands on the HTTP server with the privileges of the httpd daemon. They may then be able to compromise the HTTP server and under certain configurations gain privileged access. http://www.cert.org/advisories/CA-1997-25.html
Form Vulnerabilities –Security Issues http://www.cert.org/advisories/CA-2000-02.html Malicious HTML Tags Embedded in Client Web Requests • A web site may inadvertently include malicious HTML tags or script in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem when input is not validated to prevent malicious HTML from being presented to the user. http://www.cert.org/advisories/CA-2000-02.html
Form Data Collection • If you have a form collecting data to a file or database, the sensitivity of the data should be reviewed • DOIT is working on a data classification • Our basic website hosting are not intended to house sensitive data • Dir.ct.gov or similar sites • Non-Portal sites • Those servers do not have the proper protection for data at rest • More information will be sent out when we have a remediation strategy
DSF.Net Project Update • Behind schedule due to permission issues found with system • We are back on track and recently set a new baseline for the project
DSF.Net Project Schedule • October 30 Cimbrian delivered build for system testing • Nov 5 – Nov 30 PMG performed extensive system testing • Nov 5 – April 12 CT Developers fixed issues found during system testing • April 15 – April 30 PMG will perform 2nd round of system testing • April 15 – May 24 CT Developers will fix issues found during system testing • June 14 – June 18 - User Acceptance Testing will be performed • July 23, 2010 – Startmigrations to the new system
DSF.Net Upgrade Process • To get in the upgrade queue, agencies need to fill out the online form at http://www.ct.gov/cpi/cwp/view.asp?a=1766&q=439074 • We currently have 26 Sites in the queue • We will be migrating 4 pilot sites to the new system first. The sites are Department of information Technology (DOIT), Charter Oak Health Care (DSS), Teen Driving (DMV) and OPAPD • Once they are complete and we’ve streamlined the process, we will be begin with the sites in the queue
DSF.Net Upgrade Process (cont) • Majority of process will be automated. • Areas that will require input from agencies include roles and permissions, eAlert topics, Workflow groups, and folder and subfolder permissions • We have decided not to move public users into the new system. We’ll have to send emails out to them that they need to re-register • Agency url will change to www.agency.ct.gov. Old url will redirect to the new site
DSF.Net Upgrade Preparations • Web File Manager housekeeping • Please review your file manager and delete any files that are no longer needed • Make sure internal links are relative not absolute • Rename page titles with over 50 characters • Remove the '&' symbol from page titles • Verify there are no duplicate page names • Remove the PM=1 from any link on the site
DSF.Net Training • Learning Management System (LMS) will be primary mode of training • The system is available online, inside the state network • Demo of LMS
DSF.Net Demo • Administration and Presentation sites • Create a new page • Add content • Add page to navigation • Put through workflow • Approve page • Review presentation site