Memorandum for Web Site Administrators at JINR
1) Contacts.
For questions related to the hosting and accessibility of JINR websites, first consult the system administrators of your laboratory or the JINR Network Service (NOC).
2) Hosting and Accessibility from External Networks.
The site should be hosted on dedicated laboratory servers or on LIT's hosting platforms. Operational websites should not be placed on personal work computers or on hosts outside the JINR network. Since March 2022, access to JINR web resources from external networks is restricted: HTTP and HTTPS access is permitted only to certain servers. If you cannot host your website on these servers and need direct HTTP/HTTPS access to your own IP address from external networks, you must send a justification letter to the management of your laboratory, indicating the website's IP address and the reason for adding it to the permitted list. The website will be checked and opened if its content complies with the terms and its technical state meets the security requirements.
3) Website Development.
We recommend that all data entry forms reachable from external networks be protected by CAPTCHA, see https://ru.wikipedia.org/wiki/%D0%9A%D0%B0%D0%BF%D1%87%D0%B0. All data coming from forms must be checked for permissible size and values. Use an allowlist ("whitelist") approach: only explicitly listed values are accepted, and everything else is rejected. Minimize the use of links to external engines, styles, analytics, counters, and geolocation services. If the site is dedicated to a one-time event (a conference or a school), we recommend removing all active content (scripts) from the website after the event, disabling the forms, and leaving only HTML/PDF content on the site. Sections intended for viewing only from the JINR network should be restricted with access lists to the JINR address range 159.93.0.0/16. You can also use password authentication via SSO (login.jinr.ru).
4) Websites Developed by Third Parties.
Some departments order "turnkey websites" from external organizations. The main mistake in such cases is the complete absence of subsequent support, because payment is usually made only once, for the development. When placing a website in the JINR network, you are REQUIRED to ensure its support, i.e., appoint an employee responsible for the website for its entire existence who keeps it functional and secure.
5) HTTPS Mode (Encrypted Connection Using an SSL/TLS Certificate).
It is recommended to redirect the HTTP version of the site to the HTTPS version. Laboratory administrators have access to the *.jinr.ru SSL certificate for enabling HTTPS. You can also use the Let's Encrypt service (https://letsencrypt.org/) to obtain free 90-day certificates and renew them automatically.
6) Support.
Each website must have a responsible administrator throughout its lifecycle. If there is none, if the administrator cannot be contacted, or if the recommendations of the laboratory/NOC administrators are not followed, access to the site may be suspended. The web resource administrator is OBLIGED TO KEEP the software versions involved in the resource's operation up to date at all times, insofar as this software falls within their area of responsibility. Vulnerabilities are most often found in content management systems (CMS), DBMSs, and PHP. It is essential to update packages such as Joomla, WordPress, MySQL, and PHP in a timely manner. If you maintain a website from an external network, use a VPN connection via the remote access service https://noc.jinr.ru/ru/service/remote-access.php.
7) Moderation.
If forums or the ability to comment on posts are placed on the site, the administrator is obliged to moderate the content, i.e., remove all posts that do not align with the scientific activities of JINR or with the legislation of the Russian Federation. Web server logs must also be kept for a minimum of one year.
8) Confidential Information (Personal Data).
If the website collects and stores personal data, the administrator is required to:
- Inform users that such data is collected.
- Collect only the MINIMALLY necessary data set.
- Ensure secure storage.
- Ensure data deletion upon project completion.
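The allowlist validation of form data and the restriction to the JINR address range 159.93.0.0/16 from section 3 can be implemented in application code as follows. This is an added example for this memorandum, not code from JINR or its web service; the form fields, length limits and patterns are assumed for a hypothetical conference registration form, and the sample inputs in the demo are constructed. Where possible, enforce the address range in the web server's own access list as well; the application-level check below is a second layer.

```python
import ipaddress
import re

# JINR internal address range, as given in section 3 of the memorandum.
JINR_NET = ipaddress.ip_network("159.93.0.0/16")

# Allowlist schema for a hypothetical conference registration form (assumed for
# this example). Every accepted field is listed with its maximum length and
# either a set of permitted values or a pattern the whole value must match.
FORM_SCHEMA = {
    "name": {
        "max_len": 100,
        # Latin or Cyrillic letters, spaces, dots, apostrophes and hyphens only.
        "pattern": re.compile(r"[A-Za-z\u0400-\u04FF .'\-]+"),
    },
    "email": {
        "max_len": 254,
        "pattern": re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+"),
    },
    "talk_type": {
        "max_len": 10,
        "allowed": {"oral", "poster"},
    },
    "abstract": {
        "max_len": 2000,
        # Any text without control characters; newline, CR and tab are allowed.
        "pattern": re.compile(r"[^\x00-\x08\x0b\x0c\x0e-\x1f\x7f]*"),
    },
}


def validate_form(data):
    """Check submitted form data against FORM_SCHEMA.

    Returns (clean, errors): ``clean`` holds only the fields that passed every
    check, ``errors`` lists one message per rejected field. Fields that are not
    in the schema are errors too, which is what makes this an allowlist check.
    """
    clean, errors = {}, []

    for field in sorted(set(data) - set(FORM_SCHEMA)):
        errors.append(f"{field}: unexpected field")

    for field, rule in FORM_SCHEMA.items():
        value = data.get(field)
        if not isinstance(value, str):
            errors.append(f"{field}: missing or not a string")
            continue
        # Size check first, so an oversized value never reaches the regex.
        if len(value) > rule["max_len"]:
            errors.append(f"{field}: longer than {rule['max_len']} characters")
            continue
        if "allowed" in rule and value not in rule["allowed"]:
            errors.append(f"{field}: value not in {sorted(rule['allowed'])}")
            continue
        # fullmatch() requires the whole value to match; a trailing newline or
        # extra text that match()/search() would silently ignore is rejected.
        if "pattern" in rule and rule["pattern"].fullmatch(value) is None:
            errors.append(f"{field}: contains characters that are not allowed")
            continue
        clean[field] = value

    return clean, errors


def is_jinr_client(remote_addr):
    """True only if remote_addr is one valid address inside 159.93.0.0/16.

    Anything that does not parse as a single address (an empty string, a host
    name, a comma-separated X-Forwarded-For list) is treated as external.
    """
    try:
        return ipaddress.ip_address(remote_addr) in JINR_NET
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample submission for the demo.
    submission = {"name": "Ivan Petrov", "email": "ivan.petrov@example.org",
                  "talk_type": "keynote", "abstract": "See attached.", "debug": "1"}
    print(validate_form(submission))
    print(is_jinr_client("159.93.10.20"), is_jinr_client("8.8.8.8"))
```

If the application runs behind a reverse proxy, the socket peer address is the proxy's, not the visitor's; in that case take the client address from a forwarding header only when the request really came from your own proxy, and still pass the single extracted address (never the whole header) to the check.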
9) Blocking Access to the Website.
Access to the site may be suspended in the following cases:
- Lack of site support and designated responsible personnel.
- Presence of critical vulnerabilities.
- Ignoring the requirements of laboratory administrators or NOC.
- Non-compliant content or unauthorized collection of personal data.