Web Related Policies and Guidelines
The City University of Hong Kong (CityUHK) website provides links to and information about the University, its teaching and research mission, its academic programmes, resources, services and people, to a wide audience of staff, students, alumni, faculties, collaborators, potential employers and visitors. Therefore it is important that the web pages provide the best possible representation of CityUHK.
With a view to providing a reference site for all departments and offices to refer to when they engage in web publication, the Enterprise Solution Unit (ESU) has prepared this guide to the related policies, design guidelines, references etc. that are relevant and certainly useful for publishing on the web.
1. Policies Governing Web Publication
Web publishers at CityUHK are responsible for the contents of the pages they publish and are expected to abide by the highest standards of quality and responsibility. These responsibilities apply to all publishers, from academic departments to administrative offices. In addition, publishers should make sure that the use of resources is tied firmly to the mission of CityUHK and all web activities must support research, education, administrative processes, community service and legitimate pursuits. They are also required to comply with relevant CityUHK rules and policies, and international and local laws concerning appropriate use of computers, information and data security.
- Policy on Central Hosting of Web
- University-Wide Web Accessibility Policy
- Policies on Use of IT Services and Resources
- Domain Name System Policy and Guidelines
- Policy and Guidelines for the Use of the University's Name and Visual Identity
- University Intellectual Property Policy
2. Web Hosting Environment
- Central web hosting
The central web hosting service is set up to provide a consolidated, fully monitored and managed environment for hosting departmental web sites or project web sites. The hardware and the software of the central web service are maintained and supported by the ESU, while the web page contents and applications are developed and maintained by the departments. Compatibility and technical advice will be provided to assist in the development of a new website or migration of existing websites. In order to provide a stable environment for the web services already hosted, NO development activities are allowed on these web servers. Users are expected to do all development and testing on their own machines before uploading to the central web hosting servers.
As highly reliable and secure central servers are used to host these services, web site owners can then concentrate on the development of their web contents or applications without worrying about the server management or operational support of the servers. It also relieves these owners from the burden of keeping the servers secure and the effort to manage them.
It is hoped that this centralized support arrangement can eradicate the risk of having many web servers distributed around the campus with different security protections. The consolidated infrastructure to host these websites also leverages economies of scale, thereby creating significant cost savings.
Two hosting environments are provided: Web Content Management (WCMS) and Microsoft IIS.
- WCMS is provided as a standard for websites requiring a Web Content Management System.
- Microsoft IIS is provided as a standard for HTML and web application hosting. It supports HTML, ASP and ASP.NET. Database support is provided by Microsoft SQL Server. Detailed information can be found here.
- Hosting on departmental web server
Departmental web sites can be hosted on the departmental web server maintained and supported by the department. It is the responsibility of the department to perform proper server management to ensure the server is secured from hacking and attacking activities. Below are some guidelines and notes for maintaining the departmental web server.
- Apply for a domain name for the web server and avoid using an IP address in the URL.
- Complete the server registration for the web server.
- Devise a backup strategy for backing up the website information and data.
- Apply the latest OS patches.
- Turn on the firewall (if any) to protect the server.
- Install an anti-virus program and apply its latest patches. Set a schedule to update or download the latest virus definition file.
3. Secure Your Website
Departmental and/or project websites represent the University as a whole, therefore attacks by internet hackers causing defacement of websites and information corruption are highly undesirable. To prevent this, below are some guidelines for maintaining a secure website.
- Tighten the folder and file access control and do not allow any directory in the web server to have both write and execute privileges for the Everyone group.
- Request the Information Security Unit (ISU) of the CSC to perform web security scanning when the website is revamped or re-developed.
- For protected contents that require user login, the corresponding website should integrate with CityUHK Central Web Authentication Service to facilitate CityUHK members to authenticate with their EID and password. (The website should not create local accounts for CityUHK members.) Departments may submit an IT Work Request to the Central IT for using the service.
For external user authentication, making use of Google accounts, Microsoft accounts, etc. via OAuth or OpenID Connect is highly recommended. Creating system local accounts should be avoided whenever possible.
- Do not download or run programs from untrusted sources on the web server.
- Subscribe to product security notification.
- For departmental web servers, apply for an SSL web server certificate from a CA to protect sensitive information such as login username and password. Departments can submit a CSC Work Request and CSC can help to get the SSL web server certificate from Thawte for the departmental web server.
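One way to check the first guideline above (no directory with both write and execute rights for the Everyone group) on a Windows/IIS server. This is an added example, not CityUHK's own tooling; the web root path is an assumption, and the check looks only at ACEs granted directly to Everyone, not to other broad groups.

```powershell
# Added example: list directories under a web root where Everyone is allowed
# both to create content (write) and to execute/traverse.
# Assumption: C:\inetpub\wwwroot is a placeholder; pass the real content directory.
param([string]$WebRoot = 'C:\inetpub\wwwroot')

$everyoneSid = 'S-1-1-0'   # well-known SID of the Everyone group
$fsr   = [System.Security.AccessControl.FileSystemRights]
$write = [int]($fsr::WriteData -bor $fsr::AppendData)   # create files / subdirectories
$exec  = [int]$fsr::ExecuteFile                         # execute file / traverse folder

# Include the root itself, then every subdirectory (hidden ones too).
$dirs = @(Get-Item -LiteralPath $WebRoot) +
        @(Get-ChildItem -LiteralPath $WebRoot -Directory -Recurse -Force)

foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    $allowed = 0
    $denied  = 0

    # Ask for SIDs rather than names so the match works on any OS language.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -ne $everyoneSid) { continue }
        if ($rule.AccessControlType -eq 'Allow') {
            $allowed = $allowed -bor [int]$rule.FileSystemRights
        } else {
            $denied = $denied -bor [int]$rule.FileSystemRights
        }
    }

    # A Deny ACE for the same principal overrides an Allow ACE.
    # Note: generic rights bits on inherit-only ACEs are not expanded here.
    $effective = $allowed -band (-bnot $denied)

    if (($effective -band $write) -and ($effective -band $exec)) {
        [pscustomobject]@{
            Path   = $dir.FullName
            Rights = [System.Security.AccessControl.FileSystemRights]$effective
        }
    }
}
```

Any path the script prints should have either the write or the execute right removed for Everyone before the site goes live.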
4. Design and Create a Website / Web Page
- Standard elements of a CityUHK departmental web page
The University Web Templates are designed for all colleges', schools', departments' and administrative units' websites under the City University of Hong Kong. It aims to improve the brand image, web usability, user experience, information architecture and online presence of the University websites.
The detailed guidelines on the use of the University Web Templates can be found here.
- Search engine friendly website
In order to dramatically improve search results within the University site and search engines in general, it is important to include certain search engine specific information on your page as part of the Search Engine Optimization (SEO) strategy. Below are some tips on improving your search ranking.
- Good title in the "Title" tag — Good title with descriptive keywords is vital in achieving high search engine ranking.
- Keywords in "Meta" tag — You can define keywords and phrases that represent the page content. List the keywords in order of importance.
- Description in "Meta" tag — It is used to give a short description of the page. It is indexed by search engines and should be kept brief, preferably a sentence or two with good keywords.
- Keywords appear in the first paragraph of the body text — This helps in determining how relevant the page is to a specific topic or search term.
- Avoid using frames — Search engines may have problems indexing framed pages.
- Avoid duplicate content — Use the rel=canonical tag to suggest the preferred version of a set of pages with highly similar content. For example: <link rel="canonical" href="//www.cityu.edu.hk/web-guide/">
- Images and graphics — Search engines cannot index images. Always write descriptive alt text for each image.
- Best practice and tips for creating a website / web page
- Use relative path for URLs — When linking pages within your own site, use relative paths instead of absolute paths. This saves maintenance effort when your site is moved.
- Use Server Side Includes (SSI) for repeated items — Save repeating HTML content in a separate file and include it via <!--#include file="path_to_file/footer.htm"-->.
- Use CSS to separate content from page formatting — All design information is kept in one place; changing the stylesheet updates the look of the entire site.
- Avoid using tables for layout — Use div tags and CSS instead. Tables are for tabular data and can be confusing for screen reader users.
- Avoid using frames — Some people have difficulty navigating within frames.
- Avoid pop-ups if possible.
- Tag appropriate links as [ppt], [pdf], [staff only], [login required], etc.
- Share your website on social networks — Share your website on Facebook, X (Twitter), etc.
- Web Accessibility — Web Content Accessibility Guidelines (WCAG) 2.0 from W3C and the Web Accessibility Handbook from the Office of the Government Chief Information Officer cover a wide range of recommendations for making Web content more accessible.
5. Testing a Website
- Validate your website with the W3C Markup Validation Service. This validator checks the markup validity of Web documents in HTML, XHTML, SMIL, MathML, etc.
- Validate your website with the W3C CSS Validation Service.
- Validate your website with the W3C Link Checker.
- Browse your website with the most common browsers — Edge, Chrome, Firefox, Safari, etc.
- Browse your website with different devices — Windows PC, Mac, iOS devices, Android devices, etc.
- Check for spelling mistakes.
- Check for broken links.
6. Web Account Maintenance and Quality Assurance
Below are some good practices that web account owners on the university central web servers should follow to keep their websites in good order.
- The university web servers are open to public access, therefore content stored should be properly protected. Under no condition should it be used for general storage, especially sensitive data (e.g. students' personal data, grades). Special care should be exercised to ensure the data is properly protected (e.g. encrypted) where necessary during storage and transfer, and removed immediately after use.
- Users should adhere to the 'Purpose of Usage' specified at the time the web accounts were created. It is critically important that the information provided in the pro-forma of the Annual Renewal exercise is correct and most up-to-date. Inform the ESU via a CSC Work Request should there be any changes such as their usage, site administration or support personnel.
- Departments are strongly advised not to renew those web accounts which are no longer in use. If for some reasons they need to keep their web accounts for URL redirection, they should delete all old contents in these accounts and keep only the index file containing the redirection instruction.
- Often web accounts are shared by a number of staff for maintaining different web pages. The names of these staff, their responsibilities and how they coordinate with each other should be documented. This information is vital especially in the handover of web accounts due to staff departure or change of duties.
- If departments do not have the password to access web accounts which were opened long ago due to staff departure, they should submit a CSC Work Request to reset the password, back up the contents, and instruct the ESU to remove the account. Idle or unattended accounts may run the risk of being hacked.
- To optimize disk resources on central servers, please perform the following regularly:
- Do not use the web account as general file storage.
- Tidy up the web account by removing out-dated, unused, and backup files from the server.
- Download old version files to your local PC and remove them from the server.
- Do not upload large volumes of pictures; use lower resolution and smaller sizes sufficient for display.
- Do not upload video to the web server; use the Central Video Server for better streaming performance.
- If there is a considerable upgrade to the web pages, in particular those involving programming or database usage, you are strongly recommended to contact the ISU for a web site vulnerability scan before launching the new pages.
Failure to follow the above conditions may result in a breach of security, loss of data, poor performance, etc. which may tarnish the name of the department and the university.
Last modified: April 2025