Now Hiring: Web Developer/Programmer

Corporate Web Services is now accepting applications for a Web developer to join our highly motivated design team. This person will be an integral part of our web development efforts and will be responsible for creating custom Web-based solutions for our customers. Good communication skills are a must. We prefer a full-time position, but would consider part-time employment for a highly skilled individual. Compensation is based on experience.

Corporate Web Services is a leader in providing web development services on a national basis. As a developer with CWS, you'll have the opportunity to work in a fast-paced environment with opportunities for both personal and professional growth.

Applicants who meet the qualifications below should apply online at our website. This position is located in Rochester, MN.

Development

• Able to code, rigorously test and deploy Web applications.
• Pursues best practices and standards-based development
• Able to work with clients to effectively determine project requirements
• Familiar with standard Web development tools including Photoshop and Dreamweaver (additional software is always a plus)
• Understands basic relational database design concepts.
• Strong working knowledge of at least one of our standard development platforms, which include LAMP (php), ASP.NET and Ruby on Rails.
• Strong working knowledge of HTML and CSS

General

• Excellent communication skills
• Ability to work independently
• Ability to prioritize and balance simultaneous projects
• Attention to detail in all areas
• Desire to learn

Launch: Mayo Clinical Trial Services and Event Registration

In January, CWS completed two new projects with Mayo Collaborative Services. The first is a design refresh of the Clinical Trial Services website, for which we have provided support since 2005. This realignment brought the site framework into the same family as other MCSI websites, with new graphics that emphasize cutting-edge service offerings without compromising the site's content-first approach.

We also deployed a new Web-based registration and management system for the many educational events offered by Mayo Medical Laboratories. This system has been in development for several months and is built on top of the evaluation system that was launched nearly a year ago. It provides an all-electronic workflow for participants and staff, covering the event registration process from end to end. The automation of a large number of processes is providing an enormous gain in efficiency to MML staff and an improved experience to registrants.

Both projects have been enjoyable and challenging. Additional projects in support of MCSI Web initiatives are ongoing.

CWS specializes in developing applications that directly address business problems. If we can help to improve your efficiency or redevelop a process that's causing frustration, we encourage you to contact us.

New GroupLoop Feature: Additional Email Support

One of our most common feature requests for GroupLoop is tighter integration with email software. The application already offers several features for notification by email, like when you post a new message or document, or set a reminder for calendar events. But now GroupLoop can accept incoming email, too. You can send a message to your GroupLoop account and it will be automatically forwarded to other members while still maintaining the central archive that makes GroupLoop so useful.

Here's how it works. Each GroupLoop committee can now be assigned a "drop box" email address that allows it to process messages. To start using the feature, you'll need to assign a short name to the committee (no spaces or special characters) that will form the email address.



For example, say the account cws.grouploop.com has a committee called GroupLoop Developers. We might assign it a short name of "developers." The email address for that group would then become developers.cws@mail.grouploop.com.

Only people who belong to the committee can send messages to the address. When they do, the text of the email will be created as a new GroupLoop message, and a copy will be forwarded to everyone in the group. If a member replies to the email, their message will be added as a comment under the original posting. This helps keep email conversations centralized, permanently archived and collected by discussion, without requiring a login every time you want to add to the conversation.

To assign a short name to your committee (only account administrators can do this), click the "People" tab and then the committee name under "Manage Committees" in the right sidebar.

We hope this new feature saves you time and helps to make GroupLoop an even more useful part of your workflow!

Single Sign-On with SAML

The way people use the Internet has changed a great deal over the years since the technologies that drive it were originally developed. For example, HTTP -- those letters forming the beginning of most website addresses -- is the protocol or language that your Web browser uses to request pages from a site. It was originally defined back in 1991, when the Web was just an idea and Google wouldn't be founded for another seven years.

HTTP is called a stateless protocol because it's a simple language that consists of a single request and response. Your browser asks a Web server for something -- like a page or an image -- and when the server delivers the goods, the transaction is over. The connection is closed. That worked fine in the days when a "page" was all there was. But these days, many websites offer sophisticated systems that let you log in to access personal content, uniquely tied to your browsing session. How is this possible when there's no connection between one HTTP request and another? How does Amazon.com attach your shopping cart to you and not a user in Singapore?

This is where the strangely-named "cookie" enters the picture. Cookies are little chunks of information that your browser sends back to the server that created them on each request. They don't have much flavor, but they're responsible for making the Web as we know it work. But there's a problem -- if you read the sentence above carefully, you'll notice that a cookie can only be sent back to the server that first created it. That's a very important limitation -- otherwise this blog could read your cookie from Amazon.com and see all the Christmas presents on your wish list.

However, this limitation can be pretty inconvenient at times. CWS supports several separate but related websites for Mayo Collaborative Services, and all of them have some content that's only accessible to registered users. When people bounce from one site to another, logging in repeatedly gets old -- and frustrating users is the last thing a Web developer wants to do. It would be immensely helpful to create a transparent experience across all these sites. Once a user logged in, he or she would be authorized everywhere.

We've recently finished deploying a system that does exactly that. Several issues made it a challenging process. First, some people have different levels of access to different sites, so just logging in isn't enough. Specific roles needed to be managed. Second, the login systems of these sites are written in different languages, so the integrated system needed to communicate seamlessly with both.

The solution we developed uses SAML 2.0 (Security Assertion Markup Language), an open standard for different systems to exchange statements about authentication. SAML has heavy support from the enterprise software industry, and it was a perfect fit for our needs -- it's secure, very flexible, and because it's XML-based, it integrates well with just about any platform.

Altogether, five different Web applications with a large user base have now been pulled together under one elegant system. Users only log in once and can subsequently reach every resource they need without further interruption. This kind of integration also makes it much easier for administrators to analyze traffic patterns across sites, so the benefits run both ways.

CWS is a leading provider of Web-based applications. If we can help you design an effective solution to a challenging problem, contact us today.

Launch: 300Financial.com

As previously mentioned, CWS has been working the past few months with 300 Financial, an organization providing services to financial advisors, on a variety of applications. Last week the company's public website was released along with a number of private web-based tools.

One of these tools allows advisors to collect some basic financial information from a potential client and automatically determine both things that are done well and potential trouble spots. The web-based application considers such variables as asset allocation, exposure to interest rate volatility, the impact of account expenses over time, and estate planning needs.

This system automatically assembles a report for the client in the form of an 80-page PDF document, with options that the financial advisor can tailor as needed to the client's unique situation. Armed with this information, advisor and client can quickly identify areas to target for improvement and make intelligent decisions together.

Another set of calculators helps those nearing or in retirement to design a series of structured investments that will provide the correct mix of portfolio growth and monthly income for their needs, again based on the individual's situation.

CWS has enjoyed developing these tools to help deliver the right knowledge to financial advisors and their clients, giving them the insight needed to make wise choices for the future. We look forward to ongoing development with 300 Financial.

How Security Problems Happen

As computers and web-based software have become deeply integrated into our daily lives, so has a consciousness of security issues and the vulnerability of digital information. Even in the past few months, a number of high-profile breaches of computer security have been widely reported.

How do attacks happen? Although specifics vary, a surprising number of security breaches come through the same pathways -- just as a large number of residential burglars enter through the front door.

A new report from the SANS Software Security Institute has just been released analyzing the top security vulnerabilities reported during 2006. The report identifies three main programming errors which were responsible for most breaches. Even non-programmers can learn something from this report.

Error 1: Accepting input from users without validating it. If you sell your car to a dealer, he's probably going to pop the hood and make sure the vehicle contains an engine before he writes you a check. In the same way, a web-based application needs to ensure that any data it receives is safe before it uses it. In a simple case, attackers (usually automated software rather than actual human beings) can manipulate an insecure contact form on your website into sending spam. More serious attacks could result in exposing an entire database of customer information to the world.

What can you do? If you're responsible for having a website or application developed, discuss the security implications with your programmers and be sure they have a good understanding of how to handle these issues.

Errors 2 and 3: Buffer and integer overflows. In plain English, a buffer is a bucket of computer memory that's intended to hold a certain amount of information. If an attacker force-feeds more data than expected into a buffer, he can sometimes manipulate the computer into executing additional code. Similar attacks can be made by forcing the value of an number to become larger than the software is equipped to handle. Most of these kinds of attacks occur on system-level software that the average user has little control over.

What can you do? Immediately apply software patches as soon as they're released. Don't ignore that Windows Update icon that says you have updates to install. Install antivirus software and keep it up to date.

These measures will not make your software invulnerable to attack. Even well-designed programs can fall prey to a determined attacker, just as a well-secured home may be burglarized. But you should still lock the front door.

Launch: Runway Reporting System

Let's pretend you're driving down the freeway in your new corvette at 120mph. Since it's the middle of winter, wouldn't it be nice to know if there are icy spots up ahead?

At the airport, pilots are faced with this situation each time they land a plane.

To solve this problem, CWS developed an "Airport Field Conditions Reporting System" which is now in use at the Rochester International Airport. Control towers all over the country have access to real-time statistics about the conditions of the runways at our airport. They can relay this information to pilots as they prepare for landing, or re-route air traffic if necessary.

During severe weather conditions, the website may be updated several times each hour as airport crews continue to plow runways and apply chemicals. Ground staff at the airport has access to update the live data quickly, with each update logged and available immediately.