Web Security Issues

Missouri State acknowledges that its functions may require a certain level of privacy and protection, and it strives to provide a reasonably safe computing environment.

For complete information, please see the information technology policies.  Below is a brief overview of how the security requirements affect web developers:

Protecting Data and Records

Websites that contain personally identifiable educational records, closed records, or personal information are required to use password protection, encryption and secure storage.

Password Protection

Password protection requires the web user to enter a username and password before any content is shown.  There are two forms of password protection:

  • Single Sign On
    Single Sign On is available to both those that use Web Press to edit their sites and to those that don't.  It allows the web developer to require the user to input a username and password which is then verified through the CAMS system.
    Note:  Single Sign On only protects web pages; it does not protect other documents in your website, such as word or PDF files.
  •  Restricted Websites
    Missouri State University websites can have folders where access is restricted to certain groups of people. This restricted access is provided through Windows network authentication, which requires users to log in with their BearPass login and password.
    Note:  Restricted websites protect all files in the folder.
    • Any style sheets, images or other content included on your restricted web pages should be stored within the restricted site. Otherwise, the user will be asked to log in multiple times.
    • To request a restricted website visit the Office of Web and New Media.

Encryption

Secure websites encrypt all data sent to or received from it. This helps prevent people from intercepting data transmissions and capturing sensitive data. Missouri State secures its websites through secure socket layer (SSL).

  • Secure sites are provided through application development websites. Please email web@missouristate.edu to request a secure site.
  • All secure site URLs must begin with https:// instead of http://.
  • All images and web components used on your secure site need to be in a secure web.
    • If your secure site links to files located in non-secure pages, including images, style sheets or other content, a warning message will appear when visitors come to your secure site asking them if they want to load both non-secure and secure elements. This gives the visitor the impression that your site is not secure, even though it really is.

Secure Storage

  • Web forms that collect personal confidential information, such as social security, credit/debit card or bank account numbers must store their submissions in a database.  Email is not an acceptable method for processing form submissions.
  • Web developers or those with access to privileged information should never share their password.

Disclosure and Publishing Guidelines

Closed records and personally identifiable educational records should never be published to an insecure site.

Web developers should look through and follow the Disclosure and Publishing Guidelines before publishing a live site to insure proper disclosure of information.