The personal web page option currently offered via the People2 server will be retired June 1, 2017.
"Clickjacking", also known as a "UI redress attack", is when a malicious website uses opaque layers to deceive a user into clicking a button or link that takes them to a page different than what the button or link indicates they will be taken to.
A similar technique allows keystrokes to be hijacked. Using a combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.
To help prevent this from happening to guests of the Ohio University website, we have implemented a practice that prohibits, with few highly controlled exceptions, content from resources on Ohio University websites being displayed on servers outside of the www.ohio.edu domain. Thus, if you have a personal website that is hosted on an outside hosting provider, and you were displaying content from your university provided personal web space on that website via I-Frame or other means, it may no longer display properly.
In order to reduce the risk of "man-in-the-middle" attacks, we are shifting all Front Door resources from standard ("plaintext") to secure ("encrypted") serving.
There will be no changes in the authoring process for your public web pages. Their URLs will change from http://www.ohio.edu/people/OhioID/ to http s ://www.ohio.edu/people/OhioID/, but the Front Door will be configured to automatically redirect any browser request for an old URL.
For password-protected (restricted-access) web resources, the URL will change from https://www.ohio.edu/people/OhioID/ to https://www.ohio.edu/people/OhioID/ restricted / — unfortunately, this change cannot be addressed by an automatic redirect. You must update external links leading to such items, and may be required to change internal links, image references, etc., depending on the details of the HTML code currently in use.
You are eligible to publish a personal website through the university's "people2" system if you fall into any of the following categories:
For brevity, we will use "people2" to refer to the server to which you upload your personal pages. People2 is not the server used for organizational pages or academic and administrative departmental pages, even though the world sees them all as part of www.ohio.edu, the Front Door server.
The people2 server publishes personal pages of current students, current employees, retirees, and — for a limited duration after they leave Ohio University — former students (including alumni) and other former employees. You may not be able to modify your pages during the grace period after you are no longer eligible before your old files are deleted from the server.
On the people2 server, there have been separate folders for the public and the secure subsites, within each of which there is a folder named "people" and within those folders there is a folder for each person. The file locations on people2 are summarized in the following illustration:
If your primary personal home page is on any other server we do encourage you to create a simple home page named "index.html" that contains a link to your primary home page.
Personal pages fall into two categories: those that are under the control of the individual, and those that are not. If in doubt about which category any of your pages falls into, please contact University Communications and Marketing for clarification and guidance.
If an employee's personal site includes work-related information whose content is not under the control of that employee then those pages are generally official, should be marked at the bottom of the page as being copyright by Ohio University, and should include the Ohio University logo signature graphic in the upper-left corner. If that is done, then both the logo graphic and the words, "Ohio University," in the copyright statement should be linked to the Front Door, http://www.ohio.edu/.
All personal pages that are under the control of the individual are unofficial, must not assert copyright by Ohio University, and must not use any official logo graphics, unless specific permission has been granted. It is entirely appropriate for any personal page, and especially appropriate for your home page, to have a reciprocal link to the Front Door. See the rules for the requirement for reciprocal links to the Front Door. Those specifications apply to all categories of pages, not just student organizations.
The first step is to create your personal subdirectories, one for public and one for secure pages on people2, and then apply the appropriate security settings. You will not be able to connect by SFTP to transfer your files, as documented in the next section, until after you have completed this step.
A separate page provides the step-by-step instructions to accomplish this task.
There are three prerequisites to transferring your files according to the instructions below:
You must have SFTP software installed and configured with the correct preferences settings
You must have created your public and secure home folders.
You must have your web site files in place on your personal computer.
Once all three of those are done, then you can transfer your web files to people2 by Secure FTP:
Connect to people2.ohio.edu with SFTP, using your own OHIO ID and password.
The full step-by-step instructions for using Fetch.
The full step-by-step instructions for using FileZilla.
Note: If you are using some other SFTP software then it will be useful to know that the server's full specification for the standard default location after connecting is: E:\WebDocumentFolders\people2.ohio.edu\public\people\
Once the SFTP connection is completed, you will be in the "people" folder inside the "public" folder, and will see an alphabetically sorted list of the Ohio ID-named folders for the people who have already provisioned their public personal subsites.
If you want to work on your password-protected (restricted-access) pages, then:
navigate to the "people2.ohio.edu" folder, where you will observe both the "public" and the "secure" folders
open the "secure" folder
open the "people" folder
Scroll to the folder whose name matches your OHIO ID and open that folder.
See also the discussion of Restricting Access, below.
If you attempt to upload a file that would exceed your disk space usage quota on the server, the server will refuse to accept the full file, but may accept part of it. Your SFTP software will display one or more error messages. A failed attempt to upload a folder full of files may create a folder with multiple partial files. You should delete any incomplete files to ensure that no one downloads broken files.
The disk space quota is enforced for each top-level folder. Thus, if you are authorized to work on more than one subsite, the files you upload for one subsite will count against the disk quota for that subsite only.
Disk space on the server is not free. The primary value of disk quotas is to prevent one person's broken SFTP process from consuming the entire drive. If you need more disk space, please let us know.
If you were planning to use your personal web space to share large files with collaborators, please be aware that OIT also offers several file sharing and storage options.
Once your files are in place on people2 they will be visible to the world. The first time you upload files to people2 you should promptly look at them with your browser to confirm that they are intact.
Any folder in the /people/ subsite, including your home folder, that does not contain a file named "index.html" or a file named "index.htm" will display a server-generated list of links to every file and folder that it does contain; see http://www.ohio.edu/people/ for example.
You can restrict access to your Web pages, permitting only those people whom you authorize to see your pages. Steps for restricting access to files in your website are available here.
If you want to authorize one or more other people to update your personal web presence, do not tell them your password. Let us know the details and we can add or remove assistant pagemasters for a subsite. Submit a request if you need to add an assistant pagemaster.