CAWIS was initially designed as an external Web application only, so that the Continuing Airworthiness inspectors could access their projects 24/7 in addition to provided access to Airworthiness Directives (AD) and Service Difficulty Report (SDR) submissions from the publc.
The drawbacks to this arrangement were as follows :
it was slow. If a user, anywhere in the world was doing a large SDR search on the public component of the website, response times were slowed down for all users
The public SDR component of the system did not have a 1000 record limit then.
The TC Firewall ( at that point in time ) was extremely limiting, sessions would die in the middle of searches and saves
There were frequent site outages
So it was decided, in April 2010, to setup an internal site for TC Users, to avoid employees having to compete for resources.
It was considered making CAWIS “external” only again during the WCAG conversion in 2018, but an internal site was ultimately setup to accommodate security concerns expressed by SSC in September 2017.
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Some other results of this review were
to ensure certain attachment types were not found on any of the attachment tables for each subsystem
to ensure anything perceived as HTML code, was not found - or permitted to be added - to any table containing text input fields
The main differences between the External and Internal sites are as follows :
The Transportation Safety Board (TSB) projects DO NOT appear on the CAWIS menu at all, due to the fact that it contains Protected “B” documents.
The ADMIN/CODE maintenance subsystem has no options other than to purge the browser cache, to test updates of onscreen messaging
CAWIS EXTERNAL
http//www.tc.gc.ca/cawis-swimn (vanity URL - this is used in a great deal of documentation )
https//wwwapps.tc.gc.ca/saf-sec-sur/2/cawis-swimn
web AD folder : \\ncrws536\wwwappsroot\Saf-Sec-Sur\2\AwD-CN\documents
CAWIS INTERNAL
https//tcapps.tc.gc.ca/saf-sec-sur/2/cawis-swimn/
web AD folder : \\ncrws539\tcappsroot\Saf-Sec-Sur\2\AwD-CN\documents
0 Comments