Q

How to build a user registration form

Learn how to build a secure user registration form and some general Web-based system guidelines to guide you through the process.

Approximately how many resources (time, money, man power) are needed to build a user registration form (user name, password) that allows an unlimited number of user name/password changes, delivery of a forgotten password if the user provides correct registration data, editing of registration data, etc.?
The answer depends on the time and resources available to your development staff. While I believe this question is better suited for your development team, here are some are some general Web-based system guidelines.

Assuming the user registration is a single page, depending on the expertise of your developers, it will take (approximately) one developer between a week and a month to build a registrations system. If the system is built in Java, the developer should be skilled in HTML and JSP, and have Java or .NET experience. If the system is designed in object-oriented (OO) languages like Java and .NET, it would be beneficial to have OO design...

skills.

Since the form will have to call your database for verification purposes, the code that sits on your application server will need code to connect to -- and read from -- those back-end databases. Both Java and .NET are capable of this, and any language proficient developer shouldn't have trouble writing this code.

At a bare minimum, the form should have enough data to verify legitimate users and prevent insider threats or hacker attempts. For example, include the following data in your form:

  • The employee's full first and last name and title.
  • The employee's phone number.
  • An internal ID number for the employee other than their Social Security Number.
  • The name of the employee's department.
  • The location of the employee – cube number or some internal building address.
  • The name of the employee's supervisor.

This list is far from exhaustive and is merely a preliminary guideline to help you get started.

Remember, all forms should contain code that logs and time stamps all submissions for auditing later, in case of hacking attempts or other intentional misuse.

Finally, be sure to add code that validates completion of the form, or that the user isn't entering malicious information. Forms with blank fields or with nonsensical entries should be discarded. Most importantly, forms should log all hacking attempts to prevent tampering – whether by employees or outsiders – up to no good.

This was first published in December 2005

Dig deeper on Enterprise User Provisioning Tools

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close