9.1 Defensive design Flashcards
Defensive design
Defensive design is an approach to software development where every possible input from a user is considered.
This is done to anticipate all of the ways a user could misuse a program.
Defensive design ensures that the final program is robust and reliable for all users.
Occasionally, some errors can occur in software that cannot be foreseen by the developer when writing the software.
Defensive design consideration
Many errors can occur in a program and some of these can be difficult to anticipate when initially developing the software.
The programmer must ensure the software has a way of dealing with the potential errors to ensure their software does not crash.
Some examples of these errors include:
Peripheral errors
Disk errors
Communication errors
In these instances, a programmer must ensure their software deals with these errors to ensure it is robust and reliable for its users.
Peripheral errors
Peripherals such as printers commonly don't perform as intended, and this can cause an issue for the end user.
If a printer runs out of paper, runs out of ink or has a paper jam, the user should have the option of reprinting their document.
These considerations must be pre-planned in the software.
Disk error
Programs such as word processing software must be able to account for errors on a disk drive.
Example errors that may occur on a disk include:
Disk running out of space
Files and folders not being found
Corrupted files
These issues must be pre-planned in the software so that the user has an alternative option, for example saving their work on another disk.
Communication error
Applications which use online systems must be connected to a host server.
When a connection is lost, the program should provide a way for the user to cancel their request and try again.
The program may also be able to automatically retry if the connection resumes.
Authentication
Authentication is the process of ensuring that a system is secure by asking the user to complete tasks to prove they are an authorised user of the system.
Authentication is done because bots can submit data in online forms.
Authentication can be done in several ways; these include:
Usernames and Passwords
CAPTCHA
Other methods that programmers can use to authenticate the user include:
Allowing users to recover passwords via email links and SMS codes
Encrypting data
Input validation
Input validation is code which is used to check that an input from a user is acceptable and that it matches the requirements of the program.
There are 5 main categories of validation which can be carried out on fields and data types; these are:
Length check - Checks the length of a string.
Type check - Checks the data type of a field.
Range check - Ensures the data entered as a number falls within a particular range.
Presence check - Looks to see if any data has been entered in a field.
Format check - Ensures that the data has been entered in the correct format.
There can be occasions where more than one type of validation will be used on a field.
An example of this could be a password field which could have a length, presence and type check on it.
Program maintainability
Maintainability is used to ensure programmers can easily understand what a program is doing months or years after having first written it.
Maintainability is also used when programming as part of a large team, so each programmer working on the team understands what each section is doing.
How programs are maintained
Commenting of code: to explain the purpose of the code in a particular section.
White space: to make each section clear and easy to see.
Indentation: to show each instance of selection and iteration and to make it clear which code belongs to which clause in the program.
Sensible variable names: so that the name explains what that variable or data structure does and to prevent confusion later in the development process.
Use of sub-programs: functions or procedures split up programs into reusable sections of code, which removes the need for duplicated code and also improves the overall structure of the code.