Revise Computingrevisecomputing.co.uk
At a glanceFeaturesStudentsPricingHow it worksFree GCSE notesExam dates
At a glanceFeaturesStudentsPricingHow it worksFree GCSE notesExam dates

Knowledge organisers / Defensive Design

Defensive design considerations: Anticipating misuse, Authentication

All topicsPractise exam questions
Knowledge organiser

Defensive Design

2.3.1a

Understanding of the issues a programmer should consider to ensure that a program caters for all likely input values; Understanding of how to deal with invalid data in a program; Authentication to confirm the identity of a user

What you need to know

Defensive design means writing programs that can handle unexpected or incorrect inputs by anticipating how users might misuse the program. Authentication is the process of verifying a user's identity, typically through a username and password. Good defensive design reduces bugs and ensures the program behaves correctly regardless of what the user enters.

Key points

  • Defensive design anticipates misuse: programs should handle unexpected or erroneous inputs gracefully.
  • It reduces bugs and ensures the program behaves as expected regardless of user input.
  • Definition:Authentication: verifying a user's identity, typically through a username and password.
  • Authentication ensures only certain/authorised users can access the system.
  • Input sanitisation: removing invalid/special characters (e.g. quotation marks, semicolons) from input to prevent attacks.
  • Programs should never crash due to user input; errors should be handled with appropriate messages.
  • Defensive design methods: authentication, anticipating misuse, validation, input sanitisation, maintainability.
  • Exam Tip:When describing a defensive design method, name the METHOD and then DESCRIBE/GIVE AN EXAMPLE. E.g. 'Validation — restrict ratings to 1-5 to ensure only sensible data is entered'.
  • Exam Tip:When asked about authentication, say it 'ensures only certain users can access the system' AND give an example like 'using a username and password'.
  • Exam Tip:Validation only applies to USER inputs. You do not need to validate randomly generated numbers (they are not user input).

Code examples

Simple authentication
python
# Simple username and password authentication
stored_user = "admin"
stored_pass = "secret123"

username = input("Username: ")
password = input("Password: ")

if username == stored_user and password == stored_pass:
    print("Access granted")
else:
    print("Access denied")