Computer Science (9210) | Robust and secure programming

Welcome to Robust and Secure Programming!

Hello future computer scientists! Don't worry if the titles "Robust" and "Secure" sound complicated—they just mean making sure your programs are tough, reliable, and safe from unexpected problems or sneaky users. This is one of the most important chapters in programming, because a program that crashes or lets unauthorized people access data is useless (and potentially dangerous!).

In this chapter, we will learn how to write code that can handle mistakes, bad data, and attempts to misuse the system.

Section 1: What is Robust Programming?

The Goal of Robustness

A robust program is one that doesn't crash, even when something unexpected happens. It’s tough!

Imagine you ask a user for their age. What happens if they accidentally type "twenty-five" instead of "25"? A robust program will spot the error, politely ask the user to fix it, and continue running. A non-robust program might just stop working entirely (crash).

Why Do Programs Become Unreliable?

• Bad Data: The most common reason! Users inputting incorrect types of data (like text when a number is needed).
• Unexpected Situations: Files being deleted, network connections dropping, or the program running out of memory.
• Hacker Attempts: Someone intentionally trying to break the program to gain access to data.

Key Takeaway: Robustness means your program is reliable and handles mistakes gracefully instead of crashing.

Section 2: Making Code Robust – Input Validation

What is Input Validation?

Input validation is the process of checking the data entered by a user (or coming from another source) to make sure it is sensible, complete, and in the correct format before the program uses it.

Analogy: Think of input validation like a bouncer at a club. The bouncer (validation) checks every person (data input) to make sure they meet the rules (correct age, correct ID format) before letting them inside the club (the main program).

If the data fails validation, the program should display a clear error message and ask the user to re-enter the data.

Types of Validation Checks (R-T-L-P-F)

There are several standard checks programmers use. Knowing these types is essential for the exam!

1. Range Check

Checks whether the data falls within a minimum and maximum limit.

• Example: If asking for the number of hours worked in a week, you might set the range from 1 to 168 (since there are 168 hours in a week). Any number outside this range should be rejected.

2. Type Check

Checks whether the data is the correct data type (e.g., integer, string, boolean).

• Example: If you need the user's age (which must be a number/integer), the program checks if the input contains only digits. If the user types "one," it fails the type check.

3. Length Check

Checks whether the data has the required number of characters. This usually involves setting a minimum length, a maximum length, or an exact length.

• Example: A password might require a minimum length of 8 characters. A UK phone number might require exactly 11 digits.

4. Presence Check (or Existence Check)

Checks whether data has actually been entered into a field. Was the box left empty?

• Example: If a user tries to submit an online form, a presence check ensures that required fields (like Username or Email) are not blank.

5. Format Check (or Pattern Check)

Checks whether the data matches a specific pre-defined pattern. This is often used for codes or IDs.

• Example: A UK postcode should have a specific mix of letters and numbers (e.g., SW1A 0AA). An email address must contain an "@" symbol and a ".".

Key Takeaway: Validation ensures data quality. Robust programs must validate inputs to prevent crashes and bad data from entering the system.

Section 3: Secure Programming – Authentication and Access

Security in programming focuses on protecting the program and the data it handles from unauthorized access or malicious harm.

What is Authentication?

Authentication is the process of verifying that a user is who they claim to be. This is typically the first line of defense for any system.

Analogy: This is like showing your passport at the airport. You must prove your identity before you are allowed to proceed.

Username and Password Systems

The most common authentication method relies on the user providing something they know (the password) and sometimes something they have (the username/ID).

Did you know? Programmers must never store passwords as plain text! If a hacker steals the database, they would instantly have everyone's passwords.

Instead, passwords should be hashed. Hashing is a one-way mathematical function that turns a password (like "MyCat123") into a long, gibberish code (like "d34f0c4a..."). Even if the hacker steals the gibberish, they cannot easily reverse it to find the original password.

Two-Factor Authentication (2FA)

For highly secure systems, basic username/password is not enough. This is where Two-Factor Authentication (2FA) comes in.

2FA requires the user to provide two different types of verification before being granted access, making the system much more secure.

These two factors usually come from three categories:

1. Something you know: Password or PIN.
2. Something you have: A mobile phone (to receive a text code), a security key, or an access card.
3. Something you are: Biometrics like a fingerprint or facial recognition.

Example: When you log into your bank account, you enter your password (Factor 1: Something you know), and then the bank sends a temporary code to your mobile phone (Factor 2: Something you have).

Key Takeaway: Authentication verifies identity. Modern systems use hashing for passwords and 2FA for maximum security, requiring two independent forms of proof.

Section 4: Good Coding Practices for Maintenance and Robustness

Robustness isn't just about handling user errors; it's also about making the code easy to fix and update later. This is called maintenance.

Clear, Readible Code

A programmer must write code that is easy for someone else (or their future self!) to understand. This improves robustness because it makes spotting and fixing errors much quicker.

1. Use Meaningful Identifier Names

Variable names should clearly explain what they hold.

• Bad Example:

  i = 0
  d = i + 10

• Good Example:

  numberOfItems = 0
  totalCost = numberOfItems + priceOfDelivery

2. Use Internal Commentary

Comments are notes added directly into the code that the computer ignores. They explain what the code is doing and why.

Adding comments is crucial for maintenance. If an error occurs in a complex section of code, well-placed comments help the maintenance team understand the original programmer's intention immediately.

Example in Python-style commentary:

# This loop calculates the running total of sales.
for sale in salesList:
runningTotal = runningTotal + sale

Avoiding Common Security Mistakes

Secure programming requires constant awareness. One key area is handling access privileges.

• Avoid Hardcoding Secrets: Never embed passwords, secret keys, or sensitive information directly into the code itself.
• Principle of Least Privilege: A user (or a program component) should only have the minimum access rights needed to do its job. For example, a website visitor should not have the permission to delete the database.

Key Takeaway: Good coding practices—meaningful names and detailed comments—make code maintainable, which is vital for long-term robustness and security.

Summary and Final Thoughts

Congratulations! You've learned how to make your programs tough and secure. Remember that a program is only as good as its ability to handle bad inputs.

The core concepts to master are:

• Robustness: Handling unexpected events without crashing.
• Input Validation: Using checks (Range, Type, Length, Presence, Format) to ensure data quality.
• Authentication: Verifying identity, ideally using 2FA, and always storing passwords securely (hashed).
• Maintenance: Writing clear code with comments for future updates and fixes.

Keep practising your validation checks, and soon, you'll be writing truly professional, reliable programs!