Archive for June, 2009

Web Forms: Lifeblood of Your Site or College Roommate?

Posted by Scott Reno on June 15, 2009  |  1 Comment

Website forms are a lot like college roommates: they’re necessary but if you don’t lay down some ground rules things can quickly get out of hand. Whether you’re whipping your class-skipping roommate or your information-gathering forms into shape, the process involves the same basic steps.

Step One: Don’t Overload the Machine

Never let your roommate wash your laundry because he’ll mix the lights with the darks, not empty the pants pockets, and add too much detergent to the machine. Unless you want to wear an all pink wardrobe, teach him the rules to proper laundering.

Verifying form field lengths and data types are much the same. Your forms must only accept the right lengths and types of input or you’re opening the door to hackers and script kiddies, as well as allowing the dreaded Users Who Don’t Pay Attention to enter the wrong information.

Here’s a starting point for some common form fields:

  1. 25 characters for first and last name fields, alphabetic characters and the apostrophe only
  2. 12 characters for a phone number, numeric and dashes only
  3. 5 characters, numeric only for zip codes
  4. 10 characters, numeric and dashes only for zip plus 4 zip codes
  5. 500 characters for text areas
  6. ensure that no required fields are empty

Form verification must occur on the page through JavaScript validation and on the server once the data has been submitted. JavaScript validation allows the user to know that she has entered data incorrectly and Server Side validation prevents hackers and spammers from attacking your site.

While JavaScript validation is important, you can’t count on it to validate data because users can turn it off. Server Side validation ensures that your database and processing scripts remain free of invalid data.

Step Two: Lock Out Unwanted Visitors

Your roommate is fun (if you ignore the filthy pit he calls a bedroom) but you don’t like it when his friends stop by and take over the apartment. Be smart and lock the door so they can party somewhere else.

Creating “tokens” for your forms guarantees that only users with the “key” can enter. Tokens are randomly-generated character strings that are embedded in a hidden field on the form. Long character strings with numbers, upper and lower case letters and punctuation marks are recommended because they are difficult to guess. When these forms are submitted, scripts check to see if the token on the form matches the key on the web server. If they don’t match, then something nefarious is going on. Spam bots and hackers will often ignore hidden fields when submitting forms or just fill them with junk data.

Step Three: Let Your Friends In

Your friends are the polar opposite of your roommate’s: they aren’t loud and obnoxious, they clean up after themselves and they shower on a regular basis. When your roommate’s buddies aren’t looking, quickly let your friends in.

In the world of web forms, your “friends” are on a white list of allowable form fields. When the form is submitted, a script checks the form field name against the white list. If a form field name isn’t on the white list, there was a hacking or spamming attempt made on your form.

Step Four: Keepin’ It Clean

So you’ve been working hard to transform your roommate from a monkey into a suitable companion. He knows how to do laundry, doesn’t bring friends home, and allows you to hang out with your buddies but he’s still not perfect. Change that Dirty Dan into Tidy Tim!

Form data, like your roommate’s hygiene, is often “dirty.” NEVER trust data from a form because it can contain JavaScript, HTML and other programming tags along with the actual data. PHP features the strip_tags command that will remove some of the offending extra information. Additional “cleaning” might be necessary to remove SQL to avoid injection attacks. By cleaning data, you drastically reduce the security risks of receiving data from your forms.

So What Have We Learned Today?

Web forms (and roommates) are unavoidable but they must be whipped into shape or they will get out of hand. By following the four simple rules your forms will be safe against many attacks. Let’s review:

  1. Verify field lengths and data types through JavaScript and on the Server
  2. Match tokens on the form to the submission keys
  3. Create a form field white list
  4. Clean your data
Link to this post!

Tags:, , , ,

Filed Under: Marketing, Technology, Uncategorized

Rolling with the Changes: Transitioning from Paper to Online Content

Posted by patrick on June 1, 2009  |  2 Comments

If your morning ritual is anything like mine, it involves two things: lots of coffee and a newspaper. Unfortunately, these days that newspaper contains about as much information as a postcard. I can read through the entire paper before my coffee even stops steaming. So I asked myself “What the heck happened?”

MSN Money recently reported that according to the Audit Bureau of Circulations, I happened. The report claims newspaper circulation dropped a stunning 71% in late 2008. Newspaper readers, believe it or not, are the reason print news is dwindling.

Since late 2008, daily papers seem to close, well, daily. Surviving print news media are slimming down to mere slivers of dull gray paper. In their ongoing struggle to stay afloat (or at the very least prove they should even exist) newspapers have scrambled to develop new business models. The technological shift from traditional news sources like papers and magazines has gone into overdrive and given them a run for their money (literally) in trying to develop new models that involve a heavier focus on the Internet. The companies that are having any success at all – mainly by not failing and becoming news themselves – have transitioned to the Web, which is exactly where their readers are.

Interestingly, it’s the readers, not the economy, who set the stage for this shift. It makes sense. Nearly everyone in the US uses the Internet daily. Most online news services are free and are updated in real time – streaming video, live blogging and so forth. Many are also aggregated daily by news sites like Digg.com and HuffingtonPost.com, thereby increasing readership.

Everything you read in a newspaper has already happened. There are no updates or late editions (those died years ago). New blogs pop up weekly, covering news stories from entertainment to local school board elections. Every base is covered by the Web. And when you have all that information literally at your finger tips, who wants to walk out to the curb to get a paper?

But aren’t we forgetting something? What are all the newspaper advertisers supposed to do?!
The short answer: diversify. Yes, the media is changing from print to Web faster than you can say “bankruptcy”. But information is available now more than ever before, just in a new format. And more importantly, people are still reading it. According to an article by the National Arts Journalism Program, online audiences for news sites are “soaring”. The article cites the following growth for some of the nation’s most-read daily papers:

  • NYTimes.com — 20,461 — 45.1%
  • USATODAY.com — 12,314 — 19.4%
  • washingtonpost.com — 9,902 — 14.6%
  • Wall Street Journal Online — 6,962 — 81.4%
  • LA Times — 5,715 — 4.7%

Figures like these prove that just because people are reading fewer printed papers it doesn’t mean they’re not still interested in the information. The same audience is out there, waiting to be reached. Readers are more available and more easily targeted when they’re searching for topics that interest them on the Internet. It’s just up to advertisers to adapt to the new surroundings.

So, advertisers are forced to seek new and innovative ways to present ads on the Web in banners ads, text ads, page sponsorships, links and getting featured on sites like Digg.com and Facebook.com. Perhaps the biggest benefit for advertisers on the Web is there are so many different types of ads for one medium. Print is just an image. TV is a commercial. The Web is continuously evolving, measureable and trackable.

According to the same MSN Money article, in three years 50% of all ad revenue for news outlets will come from online ads. Right now there’s a great opportunity for businesses that operate locally, like career schools, realtors and so forth to start advertising where the readers are looking. The main benefits here are in the ad’s real-time measurable results. Hits, clicks and site traffic can all be tracked and measured against goals in a much faster way than traditional print advertising allows. And if a campaign isn’t working advertisers know sooner, saving money and time in developing a new approach. Advertisers have more locations and sophisticated options than ever before to get their messages out on the Web.

Gragg Advertising takes initiative in transitioning clients from traditional advertising to the Web. Our clients depend on us to maintain their advertising reach in the face of these challenges. That’s why for the past few years Gragg Advertising has been ahead of the curve in recognizing and adapting to the new trends in online advertising. We constantly promote new measurable, trackable, innovative and successful online advertising initiatives that involve all aspects of the Internet, from email, to ads, to press releases, to social networking. Thanks to our innovation, Gragg Advertising’s career school clients receive the most accurate data on all their Web campaigns.

Link to this post!

Tags:, , ,

Filed Under: Marketing, Uncategorized