Currently, the NYU web environment is run in a load-balanced pool of Linux servers. A 2TB file system is mounted from a clustered NFS server. We run the Apache webserver, version 2.2.15.
On the non-CMS server, we can enable cgiwrap for our webmasters so that they can run scripts in Perl as well as PHP (after a review of their project proposal). We can provide access to a MariaDB database and web-based access through phpMyAdmin. Please note, however, that installations of PHP-based CMS applications (e.g. Drupal, Joomla) and of bulletin board, wiki or blog software (e.g. PmWiki, MediaWiki, WordPress, etc.) are not permitted. SSI and SSL can be used. Files may be transferred using SCP or SFTP. Note that we do not support regular FTP, only SFTP.
* Our version of PHP is "locked down" for security purposes using Suhosin, an advanced protection system for PHP installations. We don't display any error messages, register_globals is turned off, and file uploads via the $_FILES global array are disabled.
We cannot provide access to the main error logs.
Clients who wish to implement a MariaDB database must first supply details about their project plan, including how the collected/stored data will be used. The client should be prepared to answer the following questions:
Information that may be considered "sensitive": Social Security Numbers (SSNs), driver's license numbers (DLNs), dates of birth (DOBs), mother's maiden name, bank account numbers, NYU ID ("N") numbers. Please review the Data Classification table for more information.
NYU is subject to various federal, state and local regulations. Among these are the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act (GLBA), as well as NY State consumer protection regulations. For these reasons, you should not collect highly sensitive information on your site. Where necessary, use the NYU NetID as a unique identifier for NYU affiliates and consult NYU IT on proper use of the NetID.
As per NYU's Personally Identifiable Information Policy, SSNs may only be used in the narrowest of circumstances and with high-level approval.
If a database is storing personally identifiable information (PII) as part of a transaction, for example, as part of a Request for Service, RSVP, or Subscription, that information should be kept only for a limited time to facilitate the transaction. Such information should be periodically purged from the database. If PII needs to be kept for ongoing subscription, service, or archival purposes, it should be removed from the database and placed into a proper system of record.
NYU schools, departments, or project groups who wish to create websites that incorporate third-party, application-based functionality, or who require specific server configuration changes that cannot be accommodated on the enterprise web server, may be interested in contracting with ITS for a Web Hosting Server Level Agreement (SLA), a fee-based service.
For more information, visit our Services section.