Defensive Design Flashcards
What is defensive design?
The practice of anticipating every possible way that an end-user could misuse a system or device
How do you know that defensive design has not been good enough?
When the program crashes
When the program behaves in an unintended fashion
When data security has been compromised
What is a menu-driven user interface?
A menu-driven user interface limits the user to being able to pick from a displayed list of choices
How can a menu interface limit the misuse of a program?
A menu interface can help to limit unexpected or invalid entries
What is a ‘graphical widget’?
A small, self-contained on-screen object that allows a data selection to be made
How does the calendar widget prevent the user from selecting an invalid value?
The date information can be encoded in any way convenient to the programmer, and the user cannot select an invalid value
What is the purpose of widgets?
To limit user choice to only valid values
What is the most flexible way of receiving inputs from a user?
Text input
What does defensive design help with for text input?
Making it as easy as possible for the user to get things right on the first try
How can a programmer design to reduce errors in inputting text?
Inform the user of what they need to enter
What is validation?
It ensures that the data entered is valid for further processing by the program handling it
What are the 4 validation techniques?
Checking and limiting the Length of the data
Checking the Range of the data
Checking the Type of the data
Checking the Format of the data
What is length validation?
Checking to see if the entered value is within the allowed number of characters
What 2 options are there for the programmer if the input fails length validation?
Inform the user of the problem and allow them to re-enter the data
Modify the input to fit the rules (truncation)
What is range validation?
Used when inputs have to fall between certain values (e.g. if the program asked for an age, the user would have to enter a positive number)
What is type validation?
Checking that the input conforms to the allowed data types (e.g. if the input can only be a numeric value then alphabetic or symbol characters are rejected)
What is format validation?
Checking that the input is in the correct format
What is a white-list?
A list of data that the application will accept as valid
What is a black-list?
A list of data that the application will reject
How are white-list and black-list used?
Often used with firewall applications and email filtering applications
What is a firewall?
An application that helps protect a network from intrusion or limits what network users can access online
What is one of the things that a firewall always checks?
The URL sent from a web browser within the network
What URLs are contained within each list?
The whitelist may contain a list of URLs that the firewall will let through
The blacklist may contain a list of banned URLs which will be blocked
Why is it easier to create a whitelist?
It is easier to define what is acceptable than to try and anticipate what is not acceptable.