Technology Services Division
Development and Configuration Standards
The following programming and configuration standards are to be followed by any group that is developing applications or interfacing with applications that are run within the DPHHS State Network. Please direct questions or requests for further information to: HHS Application Development@mt.gov
DPHHS has the following application environments available.
- Oracle 10g is fully supported.
- MySQL is available on a limited and unsupported basis (you are responsible for all data stored, We cannot help with backups, data recovery, etc.) MySQL cannot be used for systems working with sensitive data.
- Tomcat Java Application Server
- Tomcat 6 is available. We have separate QA/test and production servers.
- Apache Web Server
- PHP with Oracle and MySQL connectivity is available. We have one server, but can provide test, QA and production environments.
- Oracle Application Server
- Oracle Application Server 10g is supported. We have one server with production, test and QA environments. Due to the end-of-life status of Oracle Application Server 10g, we have limited support from Oracle. An upgrade to Weblogic Server 12c is under consideration.
- Passwords must follow State of Montana standards.
- Currently, this is eight characters or more, with at least two digits and an uppercase alpha.
- Applications must be protected against SQL Injection.
- User input must be sanitized. PHP applications must use binding.
- Database access must be limited.
- Tables and views containing sensitive information must not be readable to all users - even in test/QA environments.
- Applications must periodically clean out old or unneeded files. This includes documents, temporary files and logs. We can assist with scripts to do this.
- Permanent file storage must be discussed with us before development. NOTE: At some point, applications will be required to use the DMS for permanent document storage. DMS is a document management system currently under development.
- Tomcat Applications must use JNDI for database connectivity.
- Password Protected Roles