T8 - Defensive design Flashcards
Data validation use
-ensures that data entered is of the right type
-conforms to a set of rules
-only check that the data entered
is reasonable
Data validation cannot ensure
hat the user has not entered a wrong value, or made a spelling mistake in a name
Range check
-number or date is within correct/sensible range
length check
checks that text entered is of correct length
-not too short/long
type check
check data is correct type (interger/boolean)
Presence check
ensures data has been entered
-detects blank regions
eg of length check
password must be between 5 and 12 characters
Verification
is used to double-check that the data has been typed in correctly
Verification eg
a user setting a new password may be asked to type it in twice
Double-entry verification:
If the two passwords don’t match, they will be asked to enter the password again
Authentication routines
are used to make sure a person is who they claim to be
Brute-force attack:
software programs try out every combination of letters, numbers and special characters
ways to prevent brute force attack
Use a password of 8 characters or more to make it more difficult to hack!
maintaining code meaning
improve the code, fix bugs or add new features to the program
factors that make maintenance easier
- The use of sub programs
- Using appropriate naming conventions
- Indentation
- Commenting
Sub programs:
can take inputs (through parameters) and if necessary return a value
eg of sub programs
include functions and procedures
pros of sub programs
reused multiple times in the program or by other programs
pros of using meaningful names for variables
= easy to understand
Indentation:
makes it possible to easily see which lines of code are part of different structures
Comments in code pros:
- help other programmers to understand your code
-help you understand your code when you go back to it at a later time
Comments should mention:
-Parts of a program/algorithm that are difficult to understand
-At the start of a function or procedure to explain what it does
Input validation
– checking input meets certain rules, e.g. the type of data
Anticipating misuse
– preventing too many entries of a password to make it harder for hackers to guess
Authentication
– entering data twice or checking from an alternative source
Use of sub programs
– creates reusable code where bugs can easily be fixed
Naming conventions
– good use of variables and sub program names makes programs easier to read
Indentation
– makes programs easier to read
Commenting
– helps programmers understand what a program does and how it does it
