Continuing Airworthiness Web Information System (CAWIS) was initially designed between 2001-2005, as an external Web application only, . This was done so that the Continuing Airworthiness inspectors could access their projects 24/7 in addition to providing access to Airworthiness Directives (AD) and Service Difficulty Report (SDR) submissions for the public.
This has become significantly less important to the internal clients, since they can now access the internal site through VPN or Citrix.
The drawbacks to this arrangement having a External-only site were as follows :
it was slow. If a user, anywhere in the world was doing a large SDR search on the public component of the website, response times were slowed down for all users. The public SDR component of the system did not have a 1000 record limit back then.
The TC Firewall/DMZ ( at that point in time ) was extremely limiting in terms of data throughput , so sessions would die often died in the middle of searches and saves. Uploading attachments to projects and SDR’s was also a problem.
There were frequent site outages
...
It was considered making CAWIS “external” only again during the WCAG conversion in 2018, but an internal site was ultimately setup to accommodate security concerns expressed by SSC in September 2017. (emails are in attachments)
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Some other results of this review were
to ensure certain attachment types were not found on any of the attachment tables for each subsystem
to ensure anything perceived as HTML code, was not found - or permitted to be added - to any table containing text input fields
CAWIS-INT and CAWIS-EXT are essentially the same system with a couple of differences listed below. For this reason, most of the CAWIS, how-to articles will be found under CAWIS-INT.
The main differences between the External and Internal sites are as follows :
The Transportation Safety Board (TSB) projects DO project module DOES NOT appear on the CAWIS menu at all on the External site, due to the fact that it contains Protected “B” documents.
The ADMIN/CODE maintenance subsystem on the External site, has no options other than to purge the browser cache, to test updates of onscreen messaging . This is all that should appear on the code maintenance menu :
Attachments CANNOT be uploaded to any of the project subsystems (PTS, AMOC)
When publishing code, “staging” will contain the version that should go to the external site and ACC contains the profile and settings for Internal ACC Site etc…
When generating files for Publishing, for External and Internal version deploying in any staging server, please ensure that you use the right profile :
...
CAWIS EXTERNAL
http//www.tc.gc.ca/cawis-swimn (vanity URL - this is used in a great deal of documentation )
https//wwwapps.tc.gc.ca/saf-sec-sur/2/cawis-swimn
web AD folder : \\ncrws536\wwwappsroot\Saf-Sec-Sur\2\AwD-CN\documents
CAWIS INTERNAL
https//tcapps.tc.gc.ca/saf-sec-sur/2/cawis-swimn/
web AD folder : \\ncrws539\tcappsroot\Saf-Sec-Sur\2\AwD-CN\documents