'design brief' type website security system
At the core of any 'Design Brief' type website that ICON develop is a security system that provides the following:
-
Secure management of users and user access via a web browser
-
Password protected login to system with automated login if required
-
Tailored user access depending upon rights granted by administrator
-
Tracking of user activity
To understand more clearly how this works in practice it is necessary to have an overview of the publishing process:
1. Collation of Source Information
ICON do not create any information. Although we have a construction industry background, building design and specification is not work that we undertake. As well as receiving briefing information direct from the client, it is normal for us to receive information from a clients consultants such as Architects and Engineers. Typically, this information already exists in some computer based format. Please refer to the table below for some examples:
| SOURCE FILE TYPE | APPLICATION TYPE | |||
| Word WordPro Etc. |
 |
WP | ||
| Access Approach |
|
Database | ||
| Excel 123 |
|
Spreadsheet | |
SOURCE INFORMATION |
| Quark PhotoShop Illustrator jpeg, gif, bmp etc. |
|
Graphic | ||
| AutoCAD MicroStation |
|
CAD |
2. Creation of a Security Model
Once the source information has been received, the first thing to do is to analyse how it has been structured and to relate each package to any other packages that exist. Based upon this analysis and detailed consultation with the client, we propose a security model for the website that achieves two main objectives:
-
Creates a site structure that can be managed by different departments
-
Creates a site structure that relates to user access to the site
The table below gives an example of how this security structure might work:
| PUBLIC | LEVEL 1 | LEVEL 2 | LEVEL 3... | TRIALS | ADMIN |
| Login page | Basic registered user | Increased Access | Access to all areas apart from Trials
Additional security levels can be provided as required |
Only a handful of selected users are able to see the new concepts | Access to User Manager and Logging Interface |
Please note that this Security Model is flexible and can be reviewed and adapted as required, though it is preferable to get the Security Model as correct as possible from the outset to avoid the need to re-structure any published information.
3. Process of Source Info
Once the Security Model has been agreed, ICON can start processing the source information. A good example would be where we have receive a Quark document from a graphic designer. This will typically have been created on a MAC computer. We have much experience of working with MAC produced documentation and are nearly always able to extract all the information we require without too much trouble. once the information is in PC format, we then start restructuring it so that it relates to the Security Model. To enable the Security Model, each web page created has a short line of code added that checks the users access rights and determines whether they have been granted access to that page.
3. Publish to Web Server
Once the information is ready, it is published to the web server using either Microsoft FrontPage or third-party FTP software.
4. User Login
When a user first comes to the website s/he is presented with the login page. A typical example would be:
|
This is a private site that is accessible to pre-registered users only |
||
| Please enter your e-mail address and password: | ||
| E-Mail Address: | If you have forgotten your password just fill in your e-mail address and click 'E-mail Reminder' to have your password emailed to you. Alternatively, you can request your password hint which will hopefully jog your memory. | |
| Password: | ||
| Remember Me: | Un-Check this box if you want to re-enter your email and password every time you visit. | |
At this point the user can do a number of things:
-
If the user is already registered on the system, s/he enters the registered e-mail address and password then clicks Login.
-
If the user leaves the 'Remember Me' check box ticked, a cookie will be placed on the user's computer which will automatically verify and log the user in on the next visit to the site.
-
In the event that the user has forgotten their password, s/he can enter the registered e-mail address and click the 'Hint' button. A password hint that was chosen when the user was first registered on the system, will be displayed.
-
If the Hint does not jog the user's memory sufficiently, the user can enter their e-mail address and click the 'E-Mail Reminder' button. Within a few moments e-mail will be sent to their e-mail address containing their password.
As the user successfully logs in, an entry is made into the user database recording the user name and date & time of login. As far as possible, all of the User Login process has been automated thereby negating the requirement for someone to manage the system.
5. User Access
One a user has logged in and accesses any page on the site, the security system does one of two things based upon the user's rights:
-
If the user has been granted access to the area of the site that the page is in, the rest of the page is then sent to the users web browser.
-
If the user does not have access to the area the page is in, another page is displayed stating that the link they have just followed has lead to a part of the site to which they have no access. In this instance, they can request access to this area by completing a form which is then e-mailed to the site administrator.
Using the security system it is possible to track each and every page accessed by each and every user. In practice this generates huge log files that are of little interest to most administrators. We therefore tend to just record the user login to the site. Additionally, we are able to provide site usage logs using third-party software that can detail all sorts of information about user activity on a website.
6. User Feedback
If any website is to provide useful information to it's users, getting user feedback should be a part of the process of development. If a user has any comments or questions to make on the website, a feedback page is made available. As the user has logged into the system, the feedback form can automatically completes a number of the fields such as user name and e-mail address. Also, because the system has been tracking the progress of a user through the site, this information can be made available to the recipient of the feedback form.
7. User Settings
Finally, an option for the security system is to let users manage their own user account. Via an online form user can, if required, change:
-
Name
-
E-Mail Address
-
Company Name
-
Logon Name
-
Password Hint
Any other information that may be stored about the user, such as Mobile Phone No. could also be changed if required.
Again, automating this process saves time for the website administrator.