Currently, the NYU web environment is run in a load-balanced pool of Linux servers. A 2TB file system is mounted from a clustered NFS server. We run the Apache webserver, version 2.2.15.
On the non-CMS server, we have the capacity to enable cgiwrap for our webmasters so that they can run scripts using Perl as well as PHP (after a review of their project proposal). We can provide access to a MariaDB database and web-based access through phpMyAdmin. Please note, however, that installations of PHP-based CMS applications (e.g. Drupal, Joomla) and bulletin board, wiki or blog software (e.g. PmWiki, MediaWiki, WordPress) are not permitted. SSI and SSL can be used. Files may be transferred using SCP or SFTP. Note that we do not support regular FTP, only SFTP.
Our version of PHP is "locked-down" for security purposes using Suhosin, an advanced protection system for PHP installations. We don't display any error messages, register_globals is turned off, and file uploads via the $_FILES global array are disabled.
We cannot provide access to the main error logs.
Clients who wish to implement a MariaDB database must first supply details about their project plan, including how the collected/stored data will be used. The client should be prepared to answer the following questions:
- What kind of data are you planning to collect? Please describe your application in detail.
- Will your data contain any information that may be deemed "sensitive"?
- What will be the lifetime for the data you are collecting? In other words, for how long do you need the data to be stored in our secured database?
- Will your site require upload functionality?
Information that may be considered "sensitive": Social Security Numbers (SSNs), driver's license number (DLN), Date of Birth (DOB), mother's maiden name, bank account numbers, NYU ID ("N") numbers. Please review the Electronic Data and System Risk Classification Policy for more information.
NYU is subject to various federal, state and local regulations. Among these are the Federal Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) as well as NY State consumer protection regulations. For these reasons, you should not collect highly sensitive information on your site. Where necessary, use the NYU NetID as a unique identifier for NYU affiliates and consult NYU IT on proper use of the NetID.
As per NYU's Personally Identifiable Information Policy, SSNs may only be used in the narrowest of circumstances and with high-level approval.
If a database stores personally identifiable information (PII) as part of a transaction, for example a Request for Service, RSVP, or Subscription, that information should be kept only for a limited time to facilitate the transaction. Such information should be periodically purged from the database. If PII needs to be kept for ongoing subscription, service, or archival purposes, it should be removed from the database and placed into a proper system of record.
- Clients must meet our TLS standards for server systems, API clients, or anything else that may be linked to NYU sites.
- Clients are prohibited from credit card collection and payment processing and are instead required to use the NYU ePayments service.
- Clients are prohibited from using a database for collection and storage of Moderate Risk and High Risk Information as per the NYU Electronic Data and System Risk Classification Policy.
Web Server Hosting
NYU schools, departments, or project groups who wish to create websites that incorporate third-party, application-based functionality, or who require specific server configuration changes that cannot be accommodated on the enterprise web server, may be interested in contracting with NYU IT for a Web Hosting Server Level Agreement (SLA), a fee-based service.
For more information, visit our Services section.