WEBSTANDARDS Archives

UofMN Web Standards

WEBSTANDARDS@LISTS.UMN.EDU

Content-Transfer-Encoding: 7bit
Sender: UofMN CSS Web Development <[log in to unmask]>
Subject:
From: Peter Wiringa <[log in to unmask]>
Date: Fri, 22 Jan 2010 07:26:02 -0600
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
MIME-Version: 1.0
Reply-To: UofMN CSS Web Development <[log in to unmask]>
Parts/Attachments: text/plain (57 lines)

Here are a few notes from my end and some questions for the group.

It sounded like there was interest in a central repository of form 
information and including some basic form styles and elements in the 
templates would be useful. A general feedback form seems like a good 
starting point. What other types of form or multi-element form parts 
(i.e. EFS) might be good to include and would serve a broad audience?

For those of you using a tool to help generate forms and client-side 
or server-side validation, what tools are you using? Web Form 
Factory may be generating again and provides a solid start for 
simple forms, as I recall (PHP only).

http://www.webformfactory.com/

On utilizing central authentication and LDAP to improve the UX of 
forms by pre-populating info, it doesn't seem like we landed on 
anything with regard to security considerations. If someone is 
signed in, and would be forced to sign in if they weren't, what are 
the issues with pre-populating fields using information about the 
user that's publicly available in LDAP? Here's an example of what 
might be returned.

http://ur-test.umn.edu/pete/cssdev/ldap-returns.html

Anyone from OIT Security on the list who can shed some light on this?

As Chris suggested, you could attempt to pre-populate fields for 
logged-in users, but not requiring people to log in. Switch to HTTPS, 
get their cookieauth cookie, run it up against the central auth hub 
to get their Internet ID, and then query that. Are there different 
security implications for pre-populating fields in this case?

Of course, directory-suppressed students won't be found in public 
searches of LDAP.

Central auth info
http://www1.umn.edu/is/cookieauth/

Accessible anti-spam techniques
http://webaim.org/blog/spam_free_accessible_forms/

Good read on validation
http://www.smashingmagazine.com/2009/07/07/web-form-validation-best-practices-and-tutorials/


-- 
Peter Wiringa
Electronic Communications
University Relations
University of Minnesota
(612) 625-3252
[log in to unmask]

"I gotta hold on to my angst. I preserve it because I need it. It 
keeps me sharp, on the edge, where I gotta be." - V. Hanna
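
The optional pre-population flow described in the message above, as an added example that is not part of the original post and is not University code. `validate` and `lookup` are hypothetical stand-ins for the central auth hub check and the LDAP query; the attribute allowlist, the `fake_hub` helper and the sample record are constructed for illustration.

```python
import html

# Assumption: the attributes this form treats as public and safe to pre-fill.
PUBLIC_ATTRS = ("displayName", "mail", "telephoneNumber")

# Constructed sample data standing in for an LDAP result, keyed by Internet ID.
SAMPLE_DIRECTORY = {
    "goldy001": {
        "displayName": 'Goldy "G" <Gopher>',
        "mail": "goldy001@example.edu",
        "telephoneNumber": "555-0100",
        "homePostalAddress": "1 Constructed St",  # present, but not allowlisted
    },
}

def fake_hub(cookie):
    """Constructed stand-in for the central auth hub: cookie value -> Internet ID."""
    return {"constructed-token": "goldy001"}.get(cookie)

def resolve_internet_id(cookie, scheme, validate):
    """Return the Internet ID for a cookie, or None. Never forces a login."""
    if scheme != "https" or not cookie:
        return None  # the cookie is only read on an HTTPS request
    try:
        return validate(cookie) or None
    except Exception:
        return None  # hub unreachable or cookie rejected: show a blank form

def prefill_values(internet_id, lookup):
    """Return HTML-escaped values for allowlisted attributes only."""
    if internet_id is None:
        return {}
    entry = lookup(internet_id)
    if not entry:
        return {}  # directory-suppressed or unknown user: nothing to pre-fill
    return {a: html.escape(str(entry[a]), quote=True)
            for a in PUBLIC_ATTRS if entry.get(a)}

def render_input(name, values):
    """Render one text input; directory data only appears in escaped form."""
    return '<input type="text" name="%s" value="%s">' % (name, values.get(name, ""))

if __name__ == "__main__":
    uid = resolve_internet_id("constructed-token", "https", fake_hub)
    print(render_input("displayName", prefill_values(uid, SAMPLE_DIRECTORY.get)))
```

Any failure along the way (plain HTTP, no cookie, a rejected cookie, a suppressed directory entry) falls back to an empty form rather than an error or a login redirect.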
