CAWIS EXT - VS - CAWIS INT

The Continuing Airworthiness Web Information System (CAWIS) was initially designed between 2001 and 2005 as an external Web application only. This was done so that the Continuing Airworthiness inspectors could access their projects 24/7, and to give the public access to Airworthiness Directives (AD) and Service Difficulty Report (SDR) submissions.

External access has become significantly less important to the internal clients, since they can now access the internal site through VPN or Citrix.

The drawbacks of having an external-only site were as follows:

  1. It was slow. If a user anywhere in the world was doing a large SDR search on the public component of the website, response times slowed down for all users. The public SDR component of the system did not have a 1000-record limit back then.

  2. The TC Firewall/DMZ (at that point in time) was extremely limiting in terms of data throughput, so sessions often died in the middle of searches and saves. Uploading attachments to projects and SDRs was also a problem.

  3. There were frequent site outages.

So it was decided, in April 2010, to set up an internal site for TC users, so that employees would not have to compete for resources.

 

Making CAWIS “external” only again was considered during the WCAG conversion in 2018, but an internal site was ultimately set up to accommodate security concerns expressed by SSC in September 2017. (Emails are in the attachments.)

Cross Site Scripting (XSS) | OWASP Foundation

Some results of this review were:

  1. To ensure certain attachment types were not found on any of the attachment tables for each subsystem.

  2. To ensure anything perceived as HTML code was not found in, or permitted to be added to, any table containing text input fields.
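
The two checks above can be run as an audit over existing rows. The sketch below is an added example, not CAWIS code: it uses an in-memory SQLite database, and the table names, column names and list of blocked extensions are assumptions, since the page does not give them.

```python
import os
import re
import sqlite3

# Assumption: the page does not list the disallowed attachment types; this set is illustrative.
BLOCKED_EXTENSIONS = {".exe", ".bat", ".js", ".htm", ".html", ".svg"}
# Conservative "perceived as HTML" test: "<" directly followed by a tag-start
# character, or the start of a numeric character reference.
HTML_LIKE = re.compile(r"<[A-Za-z!/?]|&#")

def looks_like_html(text):
    return HTML_LIKE.search(text or "") is not None

def blocked_attachment(filename):
    # Windows ignores trailing dots and spaces, so strip them before reading the extension.
    name = (filename or "").strip().rstrip(". ").lower()
    return os.path.splitext(name)[1] in BLOCKED_EXTENSIONS

def audit(conn, checks):
    """checks: (table, column, label, predicate) tuples from fixed config, never user input."""
    findings = []
    for table, column, label, predicate in checks:
        query = f'SELECT rowid, "{column}" FROM "{table}" ORDER BY rowid'
        for rowid, value in conn.execute(query):
            if predicate(value):
                findings.append((table, rowid, label))
    return findings

def demo():
    # Constructed sample data; table and column names are hypothetical.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sdr_notes (body TEXT)")
    conn.execute("CREATE TABLE project_attachments (file_name TEXT)")
    conn.executemany("INSERT INTO sdr_notes VALUES (?)", [
        ("Crack at frame 24, length < 5 mm",),   # bare "<" is not markup
        ("<b>urgent</b> see attached",),          # tag
        ("see &#60;b&#62; note",),                # encoded tag
    ])
    conn.executemany("INSERT INTO project_attachments VALUES (?)", [
        ("inspection.pdf",), ("update.PDF.exe",), ("page.HTML. ",),
    ])
    return audit(conn, [
        ("sdr_notes", "body", "html", looks_like_html),
        ("project_attachments", "file_name", "attachment", blocked_attachment),
    ])

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The same two predicates can be called on submitted values before an insert, which covers the "or permitted to be added" half of the second check.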

 

CAWIS-INT and CAWIS-EXT are essentially the same system, with a couple of differences listed below. For this reason, most of the CAWIS how-to articles will be found under CAWIS-INT.

 

The main differences between the External and Internal sites are as follows:

  1. The Transportation Safety Board (TSB) project module DOES NOT appear on the CAWIS menu at all on the External site, because it contains Protected “B” documents.

  2. The ADMIN/CODE maintenance subsystem on the External site has no options other than to purge the browser cache, to test updates of onscreen messaging. This is all that should appear on the code maintenance menu:

  3. Attachments CANNOT be uploaded to any of the project subsystems (PTS, AMOC).

 

When publishing code, “staging” will contain the version that should go to the external site, and ACC contains the profile and settings for the Internal ACC site, etc.

When generating files for publishing the External or Internal version to any staging server, please ensure that you use the right profile:

 

CAWIS EXTERNAL

http://www.tc.gc.ca/cawis-swimn (vanity URL; this is used in a great deal of documentation)

https://wwwapps.tc.gc.ca/saf-sec-sur/2/cawis-swimn

web AD folder : \\ncrws536\wwwappsroot\Saf-Sec-Sur\2\AwD-CN\documents

CAWIS INTERNAL

https://tcapps.tc.gc.ca/saf-sec-sur/2/cawis-swimn/

web AD folder : \\ncrws539\tcappsroot\Saf-Sec-Sur\2\AwD-CN\documents