Guide to Web Publication at City University of Hong Kong
The City University of Hong Kong (CityU) website provides links to
and information about the University, its teaching and
research mission, its academic programmes, resources,
services and people, to a wide audience of staff, students,
alumni, faculties, collaborators, potential employers and
visitors. Therefore it is important that the web pages
provide the best possible representation of CityU.
With a view to providing a reference site for all departments and offices
to refer to when they engage in web publication, the
Computing Services Centre (CSC) has prepared this guide to
the related policies, design guidelines, references etc.
that are relevant and certainly useful for publishing on the
1. Policies Governing Web Publication
Web publishers at the CityU are responsible for the contents of the pages they
publish and are expected to abide by the highest standards
of quality and responsibility. These responsibilities apply
to all publishers, from academic departments to
administrative offices. In addition, publishers should make
sure that the use of resources is tied firmly to the mission
of the CityU and all web activities must support research,
education, administrative processes, community service and
legitimate pursuits. They are also required to comply with
relevant CityU rules and policies, and international and
local laws concerning appropriate use of computers,
information and data security.
2. Web Hosting Environment
- Hosting on departmental web server
Departmental web sites can be hosted
on the departmental web server maintained and supported by the
department. It is the responsibility of the department to perform
proper server management to ensure the server is secured from
hacking and attacking activities. Below are some guidelines and notes for maintaining
departmental web server.
- Apply a domain
name for the web server and avoid using IP address in the URL.
- Complete the
server registration for the web server.
- Devise a backup
strategy for backing up the website information and data.
- Apply latest OS
- Turn on Firewall
(if any) to protect the server.
anti-virus program and apply its latest patch. Set schedule to
update or download the latest virus definition file.
- If it is a
Windows server, install Microsoft Baseline Security Analyzer and
run it regularly.
- Central web hosting
Central web hosting
service is set up to provide a consolidated, fully monitored and
managed environment for hosting departmental web sites or project
web sites on either Solaris platform or Intel platform. The hardware
and the software of the central web service are maintained and
supported by the CSC while the web page contents and applications
are developed and maintained by the departments. Compatibility and
technical advice will be provided to assist in the development of a
new website or migration of existing websites. In order to provide
a stable environment for the web services already hosted, NO
development activities is allowed in these web servers. Users are
expected to do all developments and testing on their own machines
before uploading to the central web hosting servers.
As highly reliable and secure central servers are used to host these
services, web site owners can then concentrate on the development of
their web contents or applications without worrying about the server
management or operational support of the servers. It also relieves
these owners from the burden of keeping the servers secure and the
effort to manage them.
It is hoped that this centralized support arrangement can eradicate
the levels of risk of having many web servers distributed around the
campus with different security protections. The consolidated
infrastructure to host these websites also leverages economies of scale,
thereby creating significant cost savings.
Two standard platforms
are provided for web hosting, one for Unix and the other for Microsoft
Hosting on Solaris
The web server is Sun Java
System Web Server on Solaris 10 server. It supports HTML, Server
Side Include (SSI) and Perl CGI.
Hosting on Intel
(Windows) platform (www6.cityu.edu.hk)
The web server is IIS on
Windows Server. It supports HTML, ASP and ASP.NET. Database
support is provided by Microsoft SQL Server.
3. Secure Your Website
Departmental and/or project websites represent the University as a whole, therefore attacks by internet hackers causing defacement of websites and information corruption are highly undesirable. To avoid these from happening, below are some guidelines for maintaining a secure website.
- Tighten the
file access control and do not allow any directory in the web
server to have both write and execute privileges for the
- Request CSC to
perform web security scanning when the website is revamped or
- Do not download
or run programs from un-trusted sources on the web server.
- Subscribe to
product security notification.
- Apply a SSL web server
certificate from a CA to protect the sensitive information such
as login username and password.
Department can submit a CSC Work Request and CSC can help to get
the SSL web server certificate from Thawte for the departmental
web server. The department has to pay for the cost for the SSL
web server certificate which is cheaper than that of other CAs.
- If the departmental web server
wants to validate CityU's EID and password, Central LDAP User
Authentication Service provided by CSC can help for the
authentication. Department can submit a CSC Work Request for
using the service.
4. Design and Create a Website / Web page
Standard elements of a CityU /departmental web page
The following standard elements are suggested for a departmental web
- CityU logo
The University logo, linked
to the University home page, should appear on every home page of
an official University site. The main graphics standard
regarding the use of the University’s logo can be found at
If the CityU favicon,
preferred to appear in the favorites menu for the bookmarked web
pages, the ideal size of a favicon is 16×16 pixels and the
image must be in ICO format and it should be located on the web
server document root.
- Contact information
All official University
sites should include contact information such as the
location, email address, phone and fax number for
the department. This allows visitors to send specific
questions to the appropriate department directly
rather than sending it to
. In addition, the campus
map also helps visitors to locate individual offices
Level 2, Cheng Yick-chi Building,
Tat Chee Avenue,
Kowloon Tong, Hong Kong.
Phone: (852) 3442-6284
Fax: (852) 3442-0366
How to find us?
- Language (English, Traditional Chinese and Simplified Chinese)
Information should be
presented in English, Traditional Chinese and Simplified Chinese
based on the guidelines for
language support. Following international standards, UTF-8
(an algorithmic mapping to represent Unicode data) should be
adopted as the internal code.
- Site map
A site map, index or outline
provides a top-down view and links to various parts of the
website. Visitors often rely on a good sitemap to locate
information quickly especially when they are lost. Having a
sitemap with links to all your pages also help the search engine
spider to get your site properly indexed.
- Search box
Adding a search function on a
website certainly helps visitors find information more quickly
without having to browse every page. The CityU uses Google
search technology to provide search results for University web
sites. Simply copy and paste the code below into your web
pages HTML and a search form immediately appears.
type="text" name="q" placeholder="Search" />
class="cityu-search-button" type="submit" value="" />
type="hidden" name="site" value="
- Back to Home button
A link back to the site home
page on all sub-pages serves as an escape route so that when
users have navigated deep into your site, they can always get
back to the home page easily and start over.
- Navigation bar
Include a navigation bar of
links to pages within the site to enable users to find and
access information effectively and efficiently. These links
should appear near the top or left of every page for easy
- Appropriate CityU copyright statement
Web style manual
Please refer to the
Web style manual
for the guidelines for general web design which includes
recommended fonts and theme colors for consistency between
departmental website and CityU homepage.
Search engine friendly website
In order to dramatically improve
search results within the University site and search engines in
general, it is important to include certain search engine specific
information on your page as part of the
Search Engine Optimization (SEO) strategy. Below are some tips
on improving your search ranking which have the best effect if they
are applied at the same time and should be good enough to get you
- Good title in the "Title" tag
Good title in the "Title" tag with descriptive keywords is vital in achieving high search
- Keywords in "Meta" tag
You can define keywords and phrases that represent the page
content. List the keywords in order of importance.
- Description in "Meta" tag
It is used to give a short description of the page. It is indexed by search engines like
the rest of the content on your page and should be kept brief,
preferably a sentence or two with good keywords.
- Keywords appear in the first paragraph of the body text
This helps in determining how relevant the
page is to a specific topic or search term. The denser the
keywords are within the content, the higher the relevance will
- Avoid using frame
Search engine may have problems to index the page and even if search engines are able to
index your pages, web users who find your page will only be
taken to one of the pages within the frameset.
- Avoid duplicate content
It is common for a site to have several pages (URLs) listing
the same (highly similar) contents. A canonical page is the
preferred version of a set of pages with highly similar content.
The "rel=canonical" tag lets you suggest the page that search
engine should treat as canonical. For example,
<link rel="canonical" href="http://www6.cityu.edu.hk/web-guide/">
- Images and graphics
Search engines cannot index images and graphics. If having those
non-text elements on your page is inevitable, you should write
description content for each of them. For example,
<img src="your_image.jpg" alt="
a brief description of your image
Best practice and tips for creating a website / web page
- Use relative path for URLs
When linking pages within
your own site, use relative paths (only filename without the
http:// prefix) instead of absolute paths (full URL e.g. http://www.cityu.edu.hk/cityu/)
which should only be used for linking to pages on other web
sites. If you use relative paths, it will save you a lot of
maintenance effort when your site is moved to another directory
or another server.
- Use Server Side
Includes (SSI) for repeated items
There are often items like
copyright information, navigation menu, headers and contact
notices that are repeated on multiple pages. To allow for a
single update on all pages, we can use SSI by saving the
repeating HTML content (must not contain any HTML, HEAD or BODY
tag) in a separate file.
- Use CSS to
separate content from page formatting
The best way to separate
content from page formatting is by means of external Cascading
Style Sheets (CSS). All design information is kept in one place
and when you change the CSS stylesheet, the look of the
entire site will be updated accordingly. This greatly reduces
- Avoid using tables for
Use div tags and CSS styles
instead of tables for web page layout. Tables are mainly used
for showing tabula data and not for layout. As far as
accessibility is concerned, tables, especially the deeply nested
ones, are confusing for visually impaired people who use screen
readers to read a page.
- Avoid using frames
Some people have difficulty
navigating within frames, either because the frames are
confusing or because the software they are using simply cannot
- Avoid pop-ups if possible.
- Tag appropriate link
s as [ppt], [pdf], [staff only], [login required], etc
- Share your website to social networks.
Share you website to others such as Facebook and Twitter etc.
- Web Contents
Content Accessibility Guidelines (WCAG) 2.0 from W3C covers
a wide range of recommendations for making Web content more
- Easy guide to building no barrier web sites
"Easy guide to building no barrier web sites"
from Internet Professional Association (iProA) is
a guide to web
site creators, commercial organizations, and media channels on
how to produce web sites that can be used by all members of the
community, including the physically impaired.
5. Testing a Website
- Validate your website
by W3C Markup Validation Service.
This validator checks the
markup validity of Web documents in HTML, XHTML, SMIL, MathML, etc.
- Validate your website
W3C CSS Validation Service.
- Validate your
website by W3C Link
- Browse your website
with the 4 most common browsers – IE, Firefox, Safari and Chrome.
- Check for spelling
- Check for broken
6. Web Account Maintenance and Quality Assurance
Herein are some good practices that web account owners on the university central web servers (www, www6, www7) should follow to ensure the wellness of their websites.
- The university web servers are open to public access, therefore content stored should be properly protected. Under no condition should it be used for general storage especially sensitive data (e.g. students’ personal data, grades). Besides, special care should be exercised to ensure the data is properly protected (e.g. encrypted) where necessary during storage and transfer, and removed immediately after use.
- Users should adhere to the 'Purpose of Usage' specified at the time the web accounts were created. It is critically important that the information provided in the pro-forma of the Annual Renewal exercise is correct and most up-to-date. Inform the CSC via a CSC Work Request should there be any changes such as their usage, site administration or support personnel.
- Departments are strongly advised not to renew those web accounts which are no longer in use. This is especially the case when departments decided to host their sites elsewhere, e.g. on their own server. If for some reasons they need to keep their web accounts for URL redirection, they should delete all 'old' contents in these accounts and keep only the index file containing the redirection instruction.
- Often web accounts are shared by a number of staff in the department for maintaining different web pages. The names of these staff, their responsibilities and how they coordinate with each other should be documented. This information is vital especially in the handover of web accounts due to staff departure, change of duties, etc. It is strongly recommended to change the passwords of these accounts by the new site administrators after the handover.
- If departments do not have the password to access web accounts which were opened long time ago due to staff departure, they should submit a CSC Work request to reset the password and then logon to backup the contents and instruct the CSC to remove the account. Idle or unattended accounts may run the risk of being hacked.
- To optimize disk resources on central servers (they are university resources), please help to perform the following regularly:
- Do not use the web account as general file storage.
- Tidy up the web account by removing out-dated files, not in use files and backup files from the server.
- Download old version files to your local PC and remove them from the server.
- Do not upload large volume of pictures and try to use lower resolution and smaller size for the pictures / graphic files that is good enough for display and general printing.
- Do not upload video to the web server as it is better to put the video on CSC’s video server for better performance with streaming.
- If there is a considerable upgrade to the web pages, e.g. for a new website or a new feature, in particular those involving programming or database usage; you are strongly recommended to contact the CSC for a web site vulnerability scan before launching the new pages.
Failure to follow the above conditions may result in a breach of security, loss of data, poor performance, etc which may tarnish the name of the department and the university.