Terms of Service

Use of computing services at Texas A&M University is governed by Information Resources — Acceptable Use SAP. Please read and be familiar with these procedures before requesting an account or directory space on the university web server. The following guidelines dictate specific additional terms of use on the Texas A&M university web server (www.tamu.edu), hereafter "the server."

Page Contents:

• Scripting languages and allowed packages
• Database access
• Digital media or other types of large files
• Web directory structure
• Student organization sites
• Website abandonment or lack of maintenance
• Site redirects
• Passing of secure information
• TOS change and policy enforcement

Scripting languages and allowed packages
To ensure the security of the server, several specific software packages are forbidden from use on the machine. A minimal installation of Perl and PHP will be made available and kept current, but many of the advanced features will not be installed.

Software packages such as blogs and bulletin boards are explicitly disallowed on the server. These applications have historically been prone to containing poorly written code that can be exploited to gain unauthorized privileges on the machine. Attacks against these known holes have increased dramatically over the last few years, as evidenced by server access logs. Other campus resources are available for hosting these services and should be used instead of hosting them here.

Individual scripts that are identified by system administrators as potentially exposing others to risk or abuse may be disabled and/or removed. All reasonable efforts will be made to communicate with the site owner and manage the removal in a such a way as to minimize service interruptions, but removal may precede notification if the situation is deemed to warrant such action.

Database access
The server is designed first and foremost to host and serve university web pages. While various scripting languages are installed on the machine, it is not intended to be an application server. In order to preserve resources for the delivery of web content, a database server has not, and will not be installed on the machine. The PHP and Perl interpreters may or may not be configured to with MySQL database clients, so connections to remote databases are not guaranteed. However, any such remote connection that is allowed MUST be made over a secure connection. If such functionality is needed, please contact the university webmaster's office (webmaster@tamu.edu) about configuring a secure connection.

Digital media or other types of large files
The server was designed to serve Web pages, and is not to be used as media servers for large media files, or as download areas for large files of any type. You may not place any large digital media file (MP3 audio, any type of video file, or any individual file over 5MB in size) without written authorization from the university webmaster's office. This is to insure the proper functioning of the public university web site and to protect the server from the extraordinary traffic volumes and storage requirements that digital media files sometimes impose. Other university resources exist which are better suited for the hosting of these types of files.

Web directory structure
Requests for particular forms of URL are made on a "first-come, first-served" basis and certain URL forms may not be available to you because they are already in use. The university webmaster's office also reserves the right to refuse requests for URL forms likely to be used for university administration (e.g., URLs including words like "security" or "emergency").

Student Organization Sites
The Division of Student Affairs (DSA) has made special provisions for the hosting of student organization web sites. Recognized organizations can apply online for web server space provided by Student Affairs. The university webmaster's office will be acting in conjunction with Student Affairs to transfer websites housed on the server over to the new locations.

Website abandonment or lack of maintenance
Texas A&M reserves the right to archive and remove sites on the university web server that have been abandoned. Abandoned sites are defined as those sites which have not been edited or updated in two years or more and which contain content that is patently wrong or out of date. The university webmaster's office also reserves the right, when necessary, to archive and remove web sites when a complaint has been made about a site and the official directory owner cannot be contacted or has left the university. The university webmaster's office will make reasonable efforts to contact site owners in such cases; however these apparently abandoned web sites may be removed in any case without notice after two years of inactivity.

Site redirects
The university webmaster's office realizes that organizations often wish to move their web presence off of the server and onto their own hosts. This process has historically not been coordinated, resulting in dozens of abandoned directories on the server. Many of these directories contain out-of-date information, others have placeholder information linking to the new site, and others use "meta" refresh tags to automatically send the visitor to the new location.

This process is being discontinued in favor of a cleaner methodology for redirects. If a university organization no longer wishes to host their site on the server, they should contact the webmaster's office (webmaster@tamu.edu) in order to coordinate an orderly transition. Once the organization's new site is available, the directory on www.tamu.edu is to be archived and removed. A server rewrite rule will then be added to the university web server configuration file to automatically redirect requests to the organization's new website location.

SSL and passing secure information
The university web server is configured to support SSL connections and TAMU-signed certificate is currently installed. It is recognized that this can cause web browsers to complain about untrusted certificates. If this becomes an issue, commercial certificates can be purchased and installed.

Applications that require the passing of privileged information MUST do so over a secure connection. Please note that this is particularly important for logins. Basic authentication is enabled, but if directories are to be protected by such login boxes, users should be directed to these URLs via links to the encrypted "https://" version of the URL. CAS login through Perl or PHP is available and is is generally regarded as preferable to customer-created login scripts.

Guideline changes and policy enforcement
These service guidelines for the server may change without notice. However, where and when possible, we will give the Texas A&M Web community advance notice of any anticipated changes. As the keepers of the university's public web site, we also reserve the right to make any technical changes to the server as necessary. Again, prior notice will be given when possible, though such warnings may not always be possible. In any case, the security of the server dictates that immediate action may be taken to deactivate accounts, remove web sites, delete files, or alter server configurations whenever the normal operation or security of the machine may be endangered.