1) There are two websites: www-nmr and www-nmr-test. The first is our published web site that can be seen outside of CABM. The second is the test web site that can be seen only from within CABM. All development should be done on the test web site.
2) All files and directories should have no write permissions for world. The typical mode for files should be 775. Those directories allowing cgi scripts to write to them should have mode 777.
3) Those individuals needing personal web pages should talk to Shelley Waltz.
4) Those needing to use cgi-scripts in their web development need to talk to Hunter or Matt.
5) Password protection is implemented in the following manner:
a) Create a subdirectory called "private" to put the password protected pages in.
b) Create a .htaccess file in the directory requiring a password. The following is an example that restricts access to password and to CABM.
Deny from all
Allow from 192.76.178
c) Create a subdirectory called "passwd" inside of the private subdirectory.
d) Create a passwd file inside of teh passwd subdirectory.
e) Create a .htaccess file in the passwd subdirectory giving noone access to that subdirectory. The following is an example.
AuthName ".htaccess script directives"
Deny from all
6) Web pages that are automatically generated by cgi-scripts should reside in subdirectories ending in "publish_only" to signify that they will only appear on the published web site. Web pages and scripts under development on the test web site should reside in subdirectories ending in "test_only".
7) Any changes to the website should be done first to the test website, tested, and then moved to the published web site.
8) All cgi perl scripts should use the -wT flags for website security.