Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

CAWIS was initially designed as an external Web application only, so that the Continuing Airworthiness inspectors could access their projects 24/7 in addition to providing access to Airworthiness Directives (AD) and Service Difficulty Report (SDR) submissions from the public.

The drawbacks to this arrangement were as follows :

  1. it was slow. If a user, anywhere in the world was doing a large SDR search on the public component of the website, response times were slowed down for all users

  2. The public SDR component of the system did not have a 1000 record limit then.

  3. The TC Firewall ( at that point in time ) was extremely limiting, sessions would die in the middle of searches and saves

  4. There were frequent site outages

So it was decided, in April 2010, to setup an internal site for TC Users, to avoid employees having to compete for resources.

It was considered making CAWIS “external” only again during the WCAG conversion in 2018, but an internal site was ultimately setup to accommodate security concerns expressed by SSC in September 2017.

https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

Some other results of this review were

  1. to ensure certain attachment types were not found on any of the attachment tables for each subsystem

  2. to ensure anything perceived as HTML code, was not found - or permitted to be added - to any table containing text input fields

The main differences between the External and Internal sites are as follows :

  1. The Transportation Safety Board (TSB) projects DO NOT appear on the CAWIS menu at all on the External site, due to the fact that it contains Protected “B” documents.

  2. The ADMIN/CODE maintenance subsystem on the External site, has no options other than to purge the browser cache, to test updates of onscreen messaging

CAWIS EXTERNAL

http//www.tc.gc.ca/cawis-swimn (vanity URL - this is used in a great deal of documentation )

https//wwwapps.tc.gc.ca/saf-sec-sur/2/cawis-swimn

web AD folder : \\ncrws536\wwwappsroot\Saf-Sec-Sur\2\AwD-CN\documents

CAWIS INTERNAL

https//tcapps.tc.gc.ca/saf-sec-sur/2/cawis-swimn/

web AD folder : \\ncrws539\tcappsroot\Saf-Sec-Sur\2\AwD-CN\documents

  • No labels