Defensive Dsesign Flashcards
what is the purpose of defensive design
to ensure programs are functioning properly
what will programmers try to do to protect their programs using defensive design
- anticipate how users might misuse the program then try to prevent it
- ensure their code is well maintained
- reduce the number of errors in the code through testing
what is the easiest way for a user to intentionally or accidentally misuse program
through entering data
what are the two ways you can prevent users from entering something you dont want them to
- input sanitisation
- input validation
what is input sanitisation
removing any unwanted characters before passing the data through the program
what is input validation
- checking data meets certain criteria before passing it through the program
- such as checking whether an email hasan @ symbol or a suitable ending like .com
what are the different types of validation input checks you can use
- range check
- presence check
- check digit
- format check
- look up table
- length check
what does a range check do
checks data is within a specified range
what does a presence check do
checks the data has actually been entered
what does a check digit do
checks numerical data has been entered successfully
what does a format check do
checks the data has the correct format
what does a look up table do
checks the data against table of acceptable values
what does a length check do
checks the data is the correct length
what does authentication do
- confirms the identity of the user
- before they are allowed to access eices of data or features of a program
- such as using passwords
what ways are used to increase the securtiy of password authentication systems
- force users to make strong passwords and change it regularly
- limit the number of failed authentication attempts before access to the account is lost
- ask for a random selection of characters from the password on each authentication
