Defensive Design Considerations

Defensive design refers to programming strategies used to ensure that a system can handle unexpected inputs or misuse. This helps create robust programs that continue to function correctly even when faced with errors or improper data.

Key Aspects of Defensive Design

Input Sanitisation and Validation

• Input sanitisation: Cleans data entered by a user to remove potentially harmful characters or code (e.g., removing HTML tags or SQL commands).
• Input validation: Ensures that the data entered is appropriate and meets expected criteria (e.g., checking if an email address contains "@" or ensuring a number falls within a valid range). Example: A system might validate that a user's age is an integer between 0 and 120 to prevent invalid data like "abc" or 9999.

Anticipating Misuse

Programs should be designed with the assumption that users may try to use them incorrectly, either accidentally or maliciously. You can plan for this by limiting what inputs the user can enter or ensuring that any unexpected input is handled safely.

Examples:

• Preventing buffer overflow by limiting the length of text inputs.
• Protecting against SQL injection by sanitising user inputs in forms.

Planning for Contingencies

A robust program should be able to handle unexpected events, such as a file not being found or network failure. This includes creating contingency plans for potential errors or issues, and ensuring the program can recover or fail gracefully without crashing.

Example: When reading a file, you can add error handling to manage cases where the file is missing or unreadable.

try:
    file = open("data.txt")
except FileNotFoundError:
    print("File not found, please check the filename.")

Authentication

Authentication ensures that users are who they claim to be. This is crucial for protecting sensitive data and functions.

Methods include:

• Username and password: Basic form of verifying identity.
• Two-step authentication: An extra layer where a code is sent to a user's phone or email and must be entered to verify identity.
• Limiting login attempts: Prevents brute-force attacks by locking users out after several failed login attempts. Example: Requiring both a password and a verification code sent via SMS ensures that even if a password is compromised, the account is still protected.

Understanding Issues When Handling Input Values

• Invalid or unexpected input: Programs should handle all possible input values, including extreme, invalid, or malicious inputs.
• Edge cases: Ensure your program can process not just typical inputs but also boundary conditions (e.g., an empty list, very large numbers, or special characters).
• Error handling: Proper handling of input errors (e.g., notifying users of mistakes and prompting them to enter valid data) helps improve both user experience and system reliability.