This page contains a collection of matters related to website security.

A major reason for the 2023 rework of the LLIR website was to improve security. LLIR adopted the approach of dividing the website into two areas, one of which is available to the public. This public area includes the Front Page of the website, reached at the address llirto.ca. Members must log in to access the member area, which contains all pages that only members should see. For details on how that goal is achieved, see the sections Initial Priority, Headers and Menus on the Implementation Strategy page.

Don’t Break Login Security

Do not create a link from any page that a user can see before logging in to any page intended for members only. The mechanism that prevents unauthorized users from reading pages that only LLIR members should see is Login. In this discussion, the term public area refers to the menus, buttons, pages and everything else that users can see before logging in. Three design features keep the public area of the website strictly separate from the member-only area:

  • After logging in, members see a larger menu and more buttons than appear in the public area.
  • The search bar does not appear in the site header until after a member logs in.
    Non-members cannot search the entire website for occurrences of specified words or phrases.
  • The destinations of all links from the public area are also in the public area.
    Exception: links to other websites and non-interactive documents like image files are safe.

An implication of this last point is that you should always check before inserting a link into a page that the public can see. For example, suppose the Board decides to tell non-members how to donate to Glendon by inserting a link to the Supporting Glendon Students page. First, check whether this page resides in the public area. If not, you have two choices:

  • Change the designation of this page to public access.
  • Don’t link to it.

Even though the page may look safe, links from it to other member-only pages may be added in the future.
In contrast, links from the member-only area into the public area have no impact on security.
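
The link check described above can be automated. The following Python script is an added example, not part of the LLIR website or its tooling; the list of public paths, the page paths, the image file types and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SITE_HOST = "llirto.ca"              # site address given on this page
PUBLIC_PATHS = {"/", "/contact/"}    # assumed: pages designated public
IMAGE_EXT = (".png", ".jpg", ".jpeg", ".gif")  # assumed non-interactive file types

# Constructed sample of a public page; all paths are hypothetical.
FRONT_PAGE = """
<a href="/contact">Contact</a>
<a href="/supporting-glendon-students/">Donate</a>
<a href="https://www.example.org/">Another website</a>
<a href="/images/logo.png">Logo</a>
<a href="mailto:info@example.org">Email</a>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def unsafe_links(page_url, html, public_paths=PUBLIC_PATHS):
    """Return links on a public page that lead to a page outside the public area."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for href in collector.hrefs:
        target = urlparse(urljoin(page_url, href))
        host = (target.hostname or "").lower()
        host = host[4:] if host.startswith("www.") else host
        if target.scheme not in ("http", "https") or host != SITE_HOST:
            continue  # mailto: links and links to other websites are exempt
        if target.path.lower().endswith(IMAGE_EXT):
            continue  # image files are exempt
        path = target.path.rstrip("/") + "/"  # treat /contact and /contact/ alike
        if path not in public_paths:
            flagged.append(href)
    return flagged

if __name__ == "__main__":
    for link in unsafe_links("https://llirto.ca/", FRONT_PAGE):
        print("Link to a non-public page:", link)
```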

Adding a Page to Public Area

An additional feature, a conditional element, displays the message Please Log In on a blank page whenever a user accesses a member-only page without logging in. If you add a page to the public area of the website, you must modify the conditional element to suppress this message. For an explanation and instructions for doing that, see How to Suppress the Please Log In Message.