
How to build a user registration form

Learn how to build a secure user registration form, with some general guidelines for Web-based systems to guide you through the process.

Approximately how many resources (time, money, manpower) are needed to build a user registration form (user name, password) that allows an unlimited number of user name/password changes, delivery of a forgotten password if the user provides correct registration data, editing of registration data, etc.?
The answer depends on the time and resources available to your development staff. While I believe this question is better suited for your development team, here are some general Web-based system guidelines.

Assuming the user registration is a single page, depending on the expertise of your developers, it will take (approximately) one developer between a week and a month to build a registration system. If the system is built in Java, the developer should be skilled in HTML and JSP, and have Java or .NET experience. If the system is designed in object-oriented (OO) languages like Java and .NET, it would be beneficial to have OO design skills.

Since the form will have to call your database for verification purposes, the code that sits on your application server will need to connect to, and read from, those back-end databases. Both Java and .NET are capable of this, and any developer proficient in the language shouldn't have trouble writing this code.

At a bare minimum, the form should have enough data to verify legitimate users and prevent insider threats or hacker attempts. For example, include the following data in your form:

  • The employee's full first and last name and title.
  • The employee's phone number.
  • An internal ID number for the employee other than their Social Security Number.
  • The name of the employee's department.
  • The location of the employee – cube number or some internal building address.
  • The name of the employee's supervisor.

This list is far from exhaustive and is merely a preliminary guideline to help you get started.

Remember, all forms should contain code that logs and time stamps all submissions for auditing later, in case of hacking attempts or other intentional misuse.

Finally, be sure to add code that validates that the form is complete and that the user isn't entering malicious information. Forms with blank fields or with nonsensical entries should be discarded. Most importantly, forms should log all hacking attempts to prevent tampering by anyone up to no good, whether employees or outsiders.
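
The logging and validation steps described above, as an added Java example that is not part of the original answer: every field is checked against an allow-list pattern, blank or nonsensical entries cause the form to be rejected, and each submission produces a timestamped audit record. The class name, field names, patterns and logger name are assumptions chosen for illustration.

```java
import java.time.Instant;
import java.util.*;
import java.util.logging.Logger;
import java.util.regex.Pattern;

// Added example (Java 9+). Field names and allow-list patterns are assumptions.
public class RegistrationAudit {
    private static final Logger AUDIT = Logger.getLogger("registration.audit");
    private static final Map<String, Pattern> RULES = new LinkedHashMap<>();
    static {
        Pattern name = Pattern.compile("[\\p{L}][\\p{L} .'-]{1,63}");
        for (String f : new String[] {"fullName", "title", "department", "supervisor"}) RULES.put(f, name);
        RULES.put("phone", Pattern.compile("\\+?[0-9][0-9 ()-]{6,19}"));
        RULES.put("employeeId", Pattern.compile("[A-Z0-9]{4,12}"));
        RULES.put("location", Pattern.compile("[\\p{L}0-9][\\p{L}0-9 .#-]{1,63}"));
    }

    // Returns the names of required fields that are missing, blank, or fail their pattern.
    static List<String> invalidFields(Map<String, String> form) {
        List<String> bad = new ArrayList<>();
        for (Map.Entry<String, Pattern> rule : RULES.entrySet()) {
            String value = form.get(rule.getKey());
            if (value == null || value.trim().isEmpty()
                    || !rule.getValue().matcher(value.trim()).matches()) {
                bad.add(rule.getKey());
            }
        }
        return bad;
    }

    // Logs every submission with a timestamp; rejected ones are logged at WARNING.
    // Only field names are written, never raw values, so user input cannot forge log lines.
    static boolean accept(Map<String, String> form, String remoteAddr) {
        List<String> bad = invalidFields(form);
        String entry = Instant.now() + " src=" + remoteAddr.replaceAll("[\\r\\n]", "_") + " invalid=" + bad;
        if (bad.isEmpty()) AUDIT.info("ACCEPTED " + entry); else AUDIT.warning("REJECTED " + entry);
        return bad.isEmpty();
    }

    public static void main(String[] args) {
        Map<String, String> form = new HashMap<>(Map.of(   // constructed sample submission
            "fullName", "Pat Example", "title", "Analyst", "phone", "+1 555 0100",
            "employeeId", "E12345", "department", "Finance",
            "location", "Bldg 2 Cube 14", "supervisor", "Sam Example"));
        System.out.println("complete form accepted: " + accept(form, "10.0.0.5"));
        form.put("supervisor", "!!!###");                  // nonsensical entry
        form.put("phone", " ");                            // blank field
        System.out.println("damaged form accepted: " + accept(form, "10.0.0.5"));
    }
}
```

In a real deployment the audit logger would write to a store the form's users cannot modify, so the records remain usable for later review.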

This was last published in December 2005
