Introduction to Secure Web Data Input

The Utility of Forms

The html form can be an effective means of allowing screened content onto a web site. My focus is upon trusted members that need to deposit articles and news. Moreover, this route is designed to circumvent restricted environments that do not allow them logging directly onto the site. While security is certainly an issue, my suggestions will be limited in scope.

Again this stems from work begun near to the closing of the Open Source Today site where I was trying to extricate myself from needless, labor intensive tasks and move towards coding directed at site automation. I created the form and the html code to receive the data. Many required tasks to make this approach functional were not completed upon the site's demise. However, the project goals were not so easily dispensed. Hence, this series is my attempt to complete or, at least, outline approaches to effect its completion. Where I tread lightly and seem to skip obvious, required steps I will tell why that was my intent from the beginning. My project was never meant to be a complete treatment. See it more for what it was to be: a quick fix to reduce the load and irritation levels.

The Introduction

In this introductory piece I am going to stress the concepts graphically. I will begin showing a form I intended to take the input, along with another picture showing were that data could be used. Each article that follows will be compact and concise. The focus will be on a single portion of the overall project to take external data and generate useful content. The next discussion will be on data analysis. That is, what data is needed, in what form (i.e. data type), validation rules and perhaps consideration how it will be stored. However, if all are included it may be too ambitious to pull off cleanly. So it will be probably less than listed. The path beyond is murky. My hope is each advance will bring more clarity. Please recall, this is a project that has not yet been completed, hence, some nasty surprises should be expected.

The Form

As I said this is an introductory piece that has broad strokes, but little depth at this stage. So it is time to just look at the graphic form I created for one of the principle writers for the site. Here it is:

    Figure 1. News Item/Article Input HTML Form  

Depending upon your screen size, resolution and the browser enlargement you may have difficulty reading the input fields. The two at the top are the Date and the Author. The former is automatically filled in and formatted at the time of opening the form. The author's name could be known and filled in from the password form that would be required to reach this point. However, it would be better to have the author fill in their name as they would prefer to see it listed. Another factor is security, meaning a complete mis-match would suffice to deem it as a suspected break in attempt.

The next line is the Title. It has a single line text entry, that I believe has the ability to scroll horizontally for an overly large entry. Beneath that is the important item, the Summary in a fairly spacious text area box. Following that is another single line text entry for the key words that are supposed to enhance the likelihood your master piece will be indexed by search engines and found by your on-line fan base. Those that have coded html web pages will recognize these as the base components found the the page head(er) region as meta tags.

The final two are the news item or article space, which can fit into the larger text area box. Do not fear, it is capable of holding a much greater amount of content than the apparent limits of the box size. In the use I envisioned, this is not a composition box. I expected the content, including the html to be pasted in en masse. The final field is just a descriptive name for the file storing the news item or article. The listed set would have sufficed to being applied to the Open Source Today site.

One Easy Fit - Article Listing

Let me focus on one seemingly easy application of the input data onto a potential dynamic content target for the aforementioned site. When you look at the graphic below, the input items seem to be a simple, logical match:

    Figure 2. Sample OpenSourceToday Article Listings  

however, note the dates decline. Retrieving the data, ordering and painting the screen can be a problem. For now and perhaps even later that will beyond the scope of this series.

The borders that surround the listing space and the background color are the properties set by the css file. The first item is the full date in the same format as shown on the input form, what follows is some boiler plate text before encountering the title that has a link to the article location. The linking uses a bit more data than shown on the input form, however, not much more than the aforementioned boiler plate text that preceded. With regard to the author's name it is simply bolded and enclosed in parenthesis. Finally, we see the summary filing the remaining space. The spacing between the listed items is another property in the cascading style sheet.

Series Direction

That is the start more will follow. However, I cannot promise I will tie everything into a neat package when I end the series.

Even for this single site, the image match shown is for just one possible use. There are three others I intend to show in subsequent articles, that in certain respects might be simpler to apply but less obvious graphically shown. Not all of them will be easy to implement, but they tie in with the topic of dynamic content. [I suggest going to this page to view potential, full size target examples. Any one of the first three and the last link should give you a good idea of what I have in mind.]

The series moves next to data analysis. That is, simply determining the minimum data entry necessary to obtain the content necessary for a given site use. While it is not harmful to consider a more general and flexible design, the effort may be counter productive. I opt towards the simpler. Though that is not my natural bent, it makes good sense and is more efficient use of one's time.

That is the start more will follow. However, I cannot promise I will tie everything into a neat package when I end the series.

     © Herschel Cohen, All Rights Reserved

Corrections, suggested extension or comments, please use http://bst-softwaredevs.com/ addresses found there. Thanks.