The Continuing Airworthiness Web Information System (CAWIS) was initially designed between 2001 and 2005 as an external Web application only. This was done so that the Continuing Airworthiness inspectors could access their projects 24/7, in addition to providing the public with access to Airworthiness Directives (AD) and Service Difficulty Report (SDR) submissions.
This has become significantly less important to the internal clients, since they can now access the internal site through VPN or Citrix.
The drawbacks of having an External-only site were as follows:
It was slow. If a user anywhere in the world was doing a large SDR search on the public component of the website, response times slowed down for all users. The public SDR component of the system did not have a 1000 record limit back then.
The TC Firewall/DMZ (at that point in time) was extremely limiting in terms of data throughput, so sessions often died in the middle of searches and saves. Uploading attachments to projects and SDRs was also a problem.
There were frequent site outages.
...
Making CAWIS “external” only again was considered during the WCAG conversion in 2018, but an internal site was ultimately set up to accommodate security concerns expressed by SSC in September 2017. (Emails are in attachments.)
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Some other results of this review were:
to ensure certain attachment types were not found on any of the attachment tables for each subsystem
to ensure anything perceived as HTML code was not found in, or permitted to be added to, any table containing text input fields
CAWIS-INT and CAWIS-EXT are essentially the same system with a couple of differences listed below. For this reason, most of the CAWIS how-to articles will be found under CAWIS-INT.
The main differences between the External and Internal sites are as follows:
The Transportation Safety Board (TSB) project module DOES NOT appear on the CAWIS menu at all on the External site, because it contains Protected “B” documents.
The ADMIN/CODE maintenance subsystem on the External site has no options other than to purge the browser cache, to test updates of onscreen messaging.
...