Defensive Design Flashcards
What should never happen if programs are functioning correctly?
- never break
- never produce errors
How will programmers try protect their programs?
Through defensive design
What are some examples of defensive design?
- anticipate how users may misuse their program and then attempt to prevent it from happening again.
- ensure their code is well maintained
- reduce the number of errors in the code through testing
What’s the easiest way for a user to accidentally or unintentionally misuse a program?
When entering data
What are two ways you can prevent someone from entering something you don’t want them too?
Input sanitisation and input validation
What is input sanitisation?
removing any unwanted characters before passing data through the program.
What is input validation?
Checking if data meet certain criteria before passing it into the program. e.g. checking if an email address contains an @ symbol and has a suitable ending like .com
What are types of input validation you can use?
- range check
- presence check
- check digit
- format check
- look-up table
- length check
What is a check digit?
Checks numerical data has been entered accurately.
What is a format check?
Checks the data has a correct format.
What is a look-up table?
Checks the data against a table of acceptable values.
What is a length check?
Checks the data is the correct length.
What is a range check?
Checks the data is within a specified range.
What is a presence check?
Checks the data has even accurately entered.
What does the function formatName() do?
It goes through the character of a string and deletes the character if it’s “(“ or “)” and returns the amended string.
What does the method removeChar(x) do?
Returns a new string with the character in position x removed.
What is authentication?
- can confirm the identity of a user before they’re allowed to access certain pieces of data or features of the program.
- a common way is using passwords.
How can you increase the security of a password based authentication system?
- force users to use strong passwords and get them to change their passwords regularly.
- Limit the number of failed authentication attempts before access to an account is lost.
- Ask for a random selection of characters from the password on each authentication.
Why is having too much authentication an issue?
Can affect a program’s functionality and put people off using it.
What are the benefits of a well-maintained program?
- makes it easy for other programmers to understand what the code does.
- also be able to change parts of the source code without risk of causing problems elsewhere win the code.
What features can improve the maintainability of source code?
- comments
- indentation
- variables and subprograms should be named
- using global variables only when necessary
Why are comments good to improve the maintainability of source code?
Useful to explain the key features of a program and well written and clear comments help other programmers understand your code.
Why is indentation good to improve the maintainability of source code?
- separate different statements
- allows other programmers to see the flow of the program clearly and pick out different features
How does naming your variables and sub programs improve the maintainability of source code?
- refers to what they actually are
- helps programmers keep track and recognise what the variables are throughout the program.
How does only using global variables when necessary help improve the maintainability of a program?
- they could affect the rest of your code
- variables with a local scope only affects the sub programs they are declared in
- other programmers know changing these variables will affect other parts of the program
Why does using a good amount of useful comments help your program?
Easy to produce a summary of what the program actually does using auto-documentation.
