diff --git a/pyalchemybiz/controllers/customer.py b/pyalchemybiz/controllers/customer.py
index 5e779bf..37a5a01 100644
--- a/pyalchemybiz/controllers/customer.py
+++ b/pyalchemybiz/controllers/customer.py
@@ -1,12 +1,31 @@
 # -*- coding: utf-8 -*-
 import logging
 
-from pyalchemybiz.lib.base import *
+from pyalchemybiz.lib.base import BaseController, _, c, render, redirect_to
 from pyalchemybiz.model import customer, meta, person
+from pylons.decorators import validate
+from pylons.decorators.rest import restrict
+import formencode
+from formencode import htmlfill
 
 log = logging.getLogger(__name__)
 
 
+class NewCustomerForm(formencode.Schema):
+    allow_extra_fields = True
+    filter_extra_fields = True
+    firstname = formencode.validators.String(
+        not_empty = True,
+        messages = {
+            'empty': _('''Please enter customer's firstname.''')
+        })
+    lastname = formencode.validators.String(
+        not_empty = True,
+        messages = {
+            'empty': _('''Please enter customer's lastname.''')
+        })
+
+
 class CustomerController(BaseController):
     """
     Controller for customer related operations.
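Review bot: `abort` is no longer in scope once the wildcard import is narrowed: the new import line lists only `BaseController, _, c, render, redirect_to`, yet the later hunks of this file call `abort(404)` in `edit`, `delete` and `save`. Each of those not-found branches would raise NameError and surface as a 500 instead of a 404. Add it to the list, `from pyalchemybiz.lib.base import BaseController, _, abort, c, render, redirect_to` (assuming lib.base re-exports it), or import it directly with `from pylons.controllers.util import abort`.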
@@ -16,11 +35,10 @@ class CustomerController(BaseController):
         """
         Show a customer list.
         """
-        cust_q = meta.Session.query(customer.Customer)
-        c.customers = cust_q.all()
+        c.customers = meta.Session.query(customer.Customer).all()
         return render('/derived/customer/list.mako')
 
-    def view(self, id):
+    def view(self, id=None):
         """
         Display a customer's details.
         """
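Review bot: Defaulting `id` to `None` on `view` needs a matching guard, and none is visible here because the body of `view` lies outside the hunk; if it converts with `int(id)` as the other actions do, a request without an id raises TypeError and returns a 500. The same gap is visible in `save` in the last hunk of this file, where `cust_q.get(int(id))` runs with no `None` check, unlike `edit` and `delete`. Add `if id is None: abort(404)` ahead of the conversion in both. A non-numeric id still raises ValueError from `int(id)` in `edit`, `delete` and `save`, so consider catching that and answering 404 as well.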
@@ -38,26 +56,40 @@ class CustomerController(BaseController):
         """
         return render('/derived/customer/new.mako')
 
-    def edit(self, id):
+    def edit(self, id=None):
         """
         Displays a form for editing customer with id.
         """
+        if id is None:
+            abort(404)
         cust_q = meta.Session.query(customer.Customer)
-        c.customer = cust_q.get(int(id))
-        return render('/derived/customer/edit.mako')
+        cust = cust_q.get(int(id))
+        if cust is None:
+            abort(404)
+        values = {
+            'firstname': cust.person.firstname,
+            'lastname': cust.person.lastname,
+            }
+        return htmlfill.render(render('/derived/customer/edit.mako'), values)
 
-    def delete(self, id):
+    def delete(self, id=None):
         """
         Deletes a customer.
         """
+        if id is None:
+            abort(404)
         cust_q = meta.Session.query(customer.Customer)
         cust = cust_q.get(int(id))
+        if cust is None or cust.person is None:
+            abort(404)
         meta.Session.delete(cust.person)
         meta.Session.delete(cust)
         meta.Session.commit()
 
         redirect_to(action='list', id=None)
 
+    @restrict('POST')
+    @validate(schema=NewCustomerForm(), form='new')
     def create(self):
         """
         Saves the information submitted from new() and redirects to
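Review bot: `delete` still accepts any HTTP method, while this commit adds `@restrict('POST')` to `create` and `save`. The action deletes two rows and commits, so a plain GET from a crawler, a prefetch, or a link embedded in another site is enough to remove a customer. Put `@restrict('POST')` above `def delete(self, id=None):` and have the page that triggers deletion submit a form rather than follow a link (that template is not part of this diff). No anti-forgery token is visible on the forms in this diff, so POST alone does not stop cross-site submission; it is worth checking whether the project adds one elsewhere. The `create` method that closes this hunk continues outside it.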
@@ -66,22 +98,27 @@ class CustomerController(BaseController):
         cust = customer.Customer()
         meta.Session.add(cust)
         cust.person = person.Person()
-        cust.person.firstname = request.params['firstname']
-        cust.person.lastname = request.params['lastname']
+        for k, v in self.form_result.items():
+            setattr(cust.person, k, v)
         meta.Session.add(cust.person)
         meta.Session.commit()
 
         redirect_to(action='list', id=None)
 
-    def save(self, id):
+    @restrict('POST')
+    @validate(schema=NewCustomerForm(), form='edit')
+    def save(self, id=None):
         """
         Saves the information submitted from edit() and redirects to
         list().
         """
         cust_q = meta.Session.query(customer.Customer)
         cust = cust_q.get(int(id))
-        cust.person.firstname = request.params['firstname']
-        cust.person.lastname = request.params['lastname']
+        if cust is None:
+            abort(404)
+        for k, v in self.form_result.items():
+            if getattr(cust.person, k) != v:
+                setattr(cust.person, k, v)
         meta.Session.add(cust.person)
         meta.Session.commit()
 
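Review bot: The `setattr` loops in `create` and `save` write every key of `self.form_result` onto the `Person` row, so the set of writable attributes is decided entirely by `NewCustomerForm`; only `filter_extra_fields = True` there keeps unexpected POST fields from being assigned. That coupling deserves a comment such as `# form_result holds only schema fields (filter_extra_fields=True); never loop over request.params here`, or an explicit list: `for k in ('firstname', 'lastname'): setattr(cust.person, k, self.form_result[k])`. `save` also dereferences `cust.person` without the `cust.person is None` check that `delete` has, so a customer row without a person would fail with AttributeError rather than a 404.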
diff --git a/pyalchemybiz/public/pyalchemybiz.css b/pyalchemybiz/public/pyalchemybiz.css
index e69de29..fb079b1 100644
--- a/pyalchemybiz/public/pyalchemybiz.css
+++ b/pyalchemybiz/public/pyalchemybiz.css
@@ -0,0 +1,8 @@
+html, body {
+   font-family: Verdana, sans-serif;
+}
+
+.error-message {
+   color: #ff0000;
+   font-size: 80%;
+}
\ No newline at end of file
diff --git a/pyalchemybiz/templates/base/base.mako b/pyalchemybiz/templates/base/base.mako
index 349216e..227364d 100644
--- a/pyalchemybiz/templates/base/base.mako
+++ b/pyalchemybiz/templates/base/base.mako
@@ -10,7 +10,7 @@
     ${self.head()}
   </head>
   <body>
-    ${self.header()}
+    <div id="header">${self.header()}</div>
     ${self.tabs()}
     ${self.menu()}
     ${self.heading()}
@@ -22,7 +22,7 @@
 
 <%def name="title()">${_('PyAlchemyBiz')}</%def>
 <%def name="head()"></%def>
-<%def name="header()"><a name="top"></a></%def>
+<%def name="header()"><a id="top"></a></%def>
 <%def name="tabs()"></%def>
 <%def name="menu()"></%def>
 <%def name="heading()"><h1>${c.heading or _('PyAlchemyBiz')}</h1></%def>
diff --git a/pyalchemybiz/templates/derived/customer/edit.mako b/pyalchemybiz/templates/derived/customer/edit.mako
index d17521e..4a776ad 100644
--- a/pyalchemybiz/templates/derived/customer/edit.mako
+++ b/pyalchemybiz/templates/derived/customer/edit.mako
@@ -1,12 +1,9 @@
 <%inherit file="/base/customer.mako" />
-
+<%namespace file="fields.mako" name="fields" import="*"/>
 ${h.form(h.url_for(action='save'))}
 <fieldset id="editcustomerform">
-<label for="firstname">${_('First name:')}</label><br />
-${h.text('firstname', c.customer.person.firstname)}<br />
-<label for="lastname">${_('Last name:')}</label><br />
-${h.text('lastname', c.customer.person.lastname)}<br />
-
+<legend>${_('Edit customer')}</legend>
+${fields.body()}
 ${h.submit('save', _('Save changes'))}
 </fieldset>
 ${h.end_form()}
diff --git a/pyalchemybiz/templates/derived/customer/fields.mako b/pyalchemybiz/templates/derived/customer/fields.mako
new file mode 100644
index 0000000..31a38ef
--- /dev/null
+++ b/pyalchemybiz/templates/derived/customer/fields.mako
@@ -0,0 +1,4 @@
+<label for="firstname">${_('First name:')}</label><br />
+${h.text('firstname')}<br />
+<label for="lastname">${_('Last name:')}</label><br />
+${h.text('lastname')}<br />
diff --git a/pyalchemybiz/templates/derived/customer/new.mako b/pyalchemybiz/templates/derived/customer/new.mako
index d906ab1..22c622a 100644
--- a/pyalchemybiz/templates/derived/customer/new.mako
+++ b/pyalchemybiz/templates/derived/customer/new.mako
@@ -1,12 +1,9 @@
 <%inherit file="/base/customer.mako" />
-
+<%namespace file="fields.mako" name="fields" import="*"/>
 ${h.form(h.url_for(action='create'))}
 <fieldset id="createcustomerform">
-<label for="firstname">${_('First name:')}</label><br />
-${h.text('firstname')}<br />
-<label for="lastname">${_('Last name:')}</label><br />
-${h.text('lastname')}<br />
-
+<legend>${_('Create new customer')}</legend>
+${fields.body()}
 ${h.submit('submit', _('Add new customer'))}
 </fieldset>
 ${h.end_form()}