Defensive Design Principles

This lesson introduces defensive design as required by OCR J277 Section 2.4. Defensive design is a programming approach that anticipates potential problems and builds safeguards into the code to prevent errors, misuse, and security vulnerabilities. This topic is distinctive to OCR and is central to producing robust programs.

---

What Is Defensive Design?

Defensive design means writing code that anticipates things going wrong and handles them gracefully. Instead of assuming the user will always provide valid input or that the system will always work perfectly, a defensive programmer plans for errors.

The key principles of defensive design include:

Principle	Description
Input validation	Checking that data entered by the user is reasonable and correct before processing it
Authentication	Verifying the identity of users before allowing access
Planning for contingencies	Handling unexpected situations (e.g. file not found, network errors)
Maintainability	Writing code that is easy to read, understand, and modify

---

Why Is Defensive Design Important?

Programs interact with users, files, networks, and other systems — all of which can produce unexpected data or behaviour. Without defensive design:

• Incorrect input could cause crashes or wrong results
• Malicious users could exploit vulnerabilities
• Edge cases could produce unexpected behaviour
• Maintenance becomes difficult if code is poorly written

OCR Exam Tip: When the exam asks about defensive design, always link it to the idea of making programs more robust — meaning they can handle unexpected situations without crashing or producing incorrect results.

---

Example: Without Defensive Design

# Dangerous — no validation, no error handling
age = int(input("Enter your age: "))
print("In 10 years you will be", age + 10)

What could go wrong?

• User enters text like "hello" → crash (cannot convert to int)
• User enters a negative number like -5 → nonsensical output
• User enters a very large number like 999 → unrealistic result

---

Example: With Defensive Design

OCR Pseudocode:

do
    age = input("Enter your age: ")
    if NOT age.isNumeric() then
        print("Error: please enter a number")
    elseif int(age) < 0 OR int(age) > 150 then
        print("Error: age must be between 0 and 150")
    endif
until age.isNumeric() AND int(age) >= 0 AND int(age) <= 150

age = int(age)
print("In 10 years you will be " + str(age + 10))

Python:

while True:
    age_input = input("Enter your age: ")
    if not age_input.isdigit():
        print("Error: please enter a number")
    elif int(age_input) < 0 or int(age_input) > 150:
        print("Error: age must be between 0 and 150")
    else:
        break

age = int(age_input)
print("In 10 years you will be", age + 10)

This version handles:

• Non-numeric input (type check)
• Out-of-range values (range check)
• Keeps asking until valid input is provided (validation loop)

---

The Principles in Practice

1. Anticipate Misuse

Always assume users may enter unexpected data — either accidentally or deliberately. Design your program to handle:

• Empty inputs
• Wrong data types
• Values outside expected ranges
• Extremely long inputs
• Special characters or injection attempts

2. Handle Errors Gracefully

When something goes wrong, the program should:

• Display a clear, helpful error message
• Allow the user to try again
• Not crash or display technical error messages

3. Keep the User Informed

• Provide clear prompts explaining what input is expected
• Give specific feedback when input is invalid (e.g. "Please enter a number between 1 and 100" rather than just "Invalid input")

---

Defensive Design and the Development Process

Stage	Defensive Design Activity
Design	Identify potential inputs, edge cases, and risks
Implementation	Add validation, error handling, and authentication
Testing	Use normal, boundary, and erroneous test data
Maintenance	Write clear, well-commented, maintainable code

---

Summary

• Defensive design anticipates and handles potential problems in programs.
• Key principles include input validation, authentication, and maintainability.
• Defensive programs handle errors gracefully rather than crashing.
• Always assume users may provide unexpected or malicious input.
• Defensive design is applied throughout the entire development process.

OCR Exam Tip: Defensive design questions often ask you to identify what could go wrong with a piece of code and suggest improvements. Look for: missing validation, no error messages, potential crashes from bad input, and lack of authentication. Each improvement you suggest should be linked to a specific problem.