What is necessary for using this site
⇒ JavaScript - always used.
⇒ Pop-ups must be allowed for downloading safe files and viewing people's visiting cards.
⇒ Cookies: The PHP session number (after login) can be in a cookie (better) or in the URL (if cookies are not allowed)
N.B. : no other cookie is used.
Privacy on the NORMAN site
We have two main files of personal data, in Excel CSV format
* about people
- Surname
- first name
- function in their organisation (written in visiting card)
- Name of login - used as directory for uploading files
- Password
- Level of authorisation (none, webmaster, coordinator, user, reader)
- e-mail
- address (if different from the organisation's main address)
- phone
- fax
- Organisation - in fact an index into the other file
- Country
- Contact Point (yes or no)
- Sector of activity - matrix (written in contact point page)
- Sector of activity - laboratory (written in contact point page)
- Newsletters (X or nothing in the field)
- Contact Point (X)
- Ref Lab Criteria (X)
- JPA / business plan (X)
- Workshop (X)
- Validation (X)
- Search (X)
- Case 1 (X)
- Case 2 (X)
- Case 3 (X)
- Position in picture (for thumbnail above the head in picture - html : usemap - circle);
it can be replaced by a mark to hide this user (used now for test users, the webmaster is not a pollutant specialist)
N.B.: The file is sorted (1) by country (2) Organisation (3) Surname.
* About Organisation
- institute (short name)
- full name
- address short
- address long for pop-ups
- logo name (for access to a picture)
- country (2 characters)
- index (for finding the link to people)
- type of organisation (to be listed in consortium page or advisory group)
- text about the organisation
- link to extra text about the organisation (if it exists) - The previous one is too long for EXCEL
* For recording a new partner
- Concatenation of the record of the two previous files
- additional:
- a second copy of password is requested
- additional country (the first is not used in fact)
- activity (the first is not used)
* For modifying partner parameters
- as the first file - additional password confirmation
+ In fact, the files for new partners and for modifications are made so that a line can be copied and pasted, followed by several adjustments by the coordinator.
* Mailing file :
- surname
- first name
- Name of organisation (short name)
- Full name
- Address
- URL (or website address)
- Country
- Type of activity
- e-mail
- phone
- fax
- Newsletter (choice to be contacted when there is a new newsletter)
- Workshop (choice to be contacted when a workshop is arranged)
* Session (when someone is logged in)
- Full record of the first file for the partner logged
- boolean for init mail (internal use)
* Historic files
- We keep traces of uploads, with the IP address, and of deleted files
- The IP address is recorded so that, in case of abuse, we can try to trace who has sent files (risk of illegal files)
- The IP address is also included in the author's e-mail. If someone has used his ID, he can find out very quickly.
* For mailing, a person can test whether his e-mail is already recorded. He can receive a copy of his record by e-mail.
* He can delete the record.
* Testing and deleting mailing records are hidden (for now - awaiting a request to the coordinator)
* Partners who have forgotten their password can request a copy of the password (e-mail).
* Partners can read their records (main part, not fully).
* Partners can request to modify their records (main part, not fully).
* Reading and modifying the entire record is hidden (too long to explain each parameter - real list is above)
How your files are recorded (upload - download files)
* Your main files
- In a directory with your login name.
* Files to specify where the main files must be seen
- In another directory with your login name and the same file names.
You have a value which specifies where the main file must be seen, and your comment about this file.
You cannot have several files with the same name, even if they are seen in different places.
The file name can be modified to become a valid URL name and for security reasons.
* URL record (if you record URL)
- In a file with your login name.
Four items for a record, the URL itself and the comment, the place where it is going to be seen, the date-time.
A new record is added at the end of the file.
To delete a record, a copy is made in another file without the record, and the copy replaces the old file.
* Historic files
- A file with your login name for the files uploaded and URLs sent
As we want to be able to trace illegal files, we keep information only in this case, not for deleting.
Name of file, where it is going to be seen, the date-time.
For security reasons of illegal files, if it is possible : IP address, DNS, User agent (see PHP variables).
N.B. : Real log files are too big, very difficult to find information inside.
Forbidden in public area
Only if you are logged in can you access the workspace area; it is forbidden in the public area.
This is a link to "private" :
private/meeting/meeting
If the user is not logged in, the directories "private/", "private_docs/" and "telecharge/" are forbidden.
A hacker can replace a file name in the URL.
A page can be used in both the public and the workspace area, but with different parameters and different results.
Inside the page there is a test that cancels the page if it is called from the public area.
people
Security for files (reserved for workspace area & uploaded files)
This is the link for files you can upload and download.
Here for demonstration, the link can be reached both from public area and from workspace area.
It is forbidden in public area.
History.
Explanation : the simple link is : "telecharge/a/louapre.txt". We can write :
<a href="telecharge/a/louapre.txt" target="_blank" class="bgecrirelien"> … </a>
But if we protect the directory with ".htaccess" or an equivalent, we cannot read the file.
To read the file even when the directory is protected, we can use a PHP function such as "readfile"
after announcing the file with "headers". In fact, it is advised to use an equivalent for big files.
For protection, we must check whether the user is logged in. We prepared this as a function.
<a href="read_file.php?{$ajout_SID_val}file=telecharge/a/louapre.txt{$ajout_log}" target="_blank"> … </a>
To hide the link a little (although this makes no difference to a hacker), we used a slightly different link:
<a href="#" onclick="javascript:readfilejs('{$ajout_SID_val}file=telecharge/a/louapre.txt{$ajout_log}');"> … </a>
The PHP variables are used to grant access to the file by checking session variables.
These two variables are empty if there is no session opened (not logged).
The first variable is used only if cookies are not allowed (session number).
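One way to write the check described above, as an added example that is not the NORMAN site's own code: the session key `login` and the function names `resolve_download` and `serve_file` are assumptions. It refuses requests without an open session and confines the `file` parameter to the `telecharge/` directory, so that replacing the file name in the URL cannot reach other files.

```php
<?php
// Added example (not the NORMAN site's code); 'login' key and names assumed.
// Return the real path only if $requested is a regular file under $baseDir.
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    $path = realpath($requested);      // collapses "../" and follows symlinks
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Trailing separator so a sibling such as "telecharge_old" cannot match.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Gate for read_file.php: session check first, then path check, then send.
function serve_file(array $session, string $baseDir, string $requested): int
{
    if (empty($session['login'])) {
        return 403;                    // no open session: refuse
    }
    $path = resolve_download($baseDir, $requested);
    if ($path === null) {
        return 404;                    // missing, or outside the directory
    }
    if (PHP_SAPI !== 'cli') {          // announce the file with headers
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="'
            . str_replace('"', '', basename($path)) . '"');
        header('Content-Length: ' . filesize($path));
    }
    readfile($path);
    return 200;
}

// Constructed sample tree so the example runs offline: php example.php
if (PHP_SAPI === 'cli') {
    $root = sys_get_temp_dir() . '/norman_demo_' . getmypid();
    mkdir("$root/telecharge/a", 0700, true);
    file_put_contents("$root/telecharge/a/louapre.txt", "demo\n");
    file_put_contents("$root/people.csv", "constructed;record\n");
    chdir($root);
    foreach ([[['login' => 'demo'], 'telecharge/a/louapre.txt'],
              [[], 'telecharge/a/louapre.txt'],
              [['login' => 'demo'], 'telecharge/../people.csv']] as [$s, $f]) {
        ob_start(); $code = serve_file($s, 'telecharge', $f); ob_end_clean();
        echo "$f => $code\n";
    }
}
```

In the web script, the call would be `serve_file($_SESSION, 'telecharge', $_GET['file'])` after `session_start()`, with the returned status passed to `http_response_code()` when it is not 200.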
Security for e-mail (anti-SPAM)
E-mail addresses are encoded before being sent to users. The code is simple if someone wants to decode it, and you can
find the key in the JavaScript function, but I think it would be difficult for automatic spammer tools.
You can click as usual to open your e-mail tool.
If we add e-mail addresses later, we can use pictures with text. For your documents, a piece of advice:
at least replace the character "@" with other text (example "<at>").
The webmaster is not responsible for SPAM if an e-mail address is inside an uploaded document (doc file …) or a document
added by other people (doc file …).
Missing pages
Expected in a short time
- Glossary of terms - see at the top. For now, it is a link to the home page.
Suggestions, please.
You can mail to the webmaster if you wish to provide suggestions about the site.
Sorry if my English language is not perfect, this page is not checked for English language.
For uploading files and URLs, I put 2 rooms for each. The choice is for esthetic reasons at the request of Valeria.
I tested with 8 of each and it was relevant. Now it is a parameter, and I can choose any number.
How many files or URLs do you prefer each time?
Special links
Login - Logout - other controls (two lines of menu …)
Link for e-mail to check registration details (used for debugging e-mail link)
Link to mailing page with deleting form
Link to complete partner registration or to check all parameters