In a recent tweet a friend of mine (Selena Delesie) stated that she is “Surprised to discover there are programmers who still don’t put limits, data type restrictions, and error handling on form fields.”
As much as I like twitter I soon came to realize that I couldn’t put my answer in 140 characters – not even with unicode tricks.
But I’m not surprised at all – and I don’t even think it’s a bad thing that there are unchecked fields on forms.
As I said in my reply:
“depends on context & is a tradeoff between effort & possible harm.
user ∈ inhouse dev ⇢ lax checks”
user ∈ public ⇢ strict checks [didn’t fit in the 140characters limit]
The scenario for user ∈ inhouse dev ⇢ lax checks
This would probably also be a ‘C’ or a very small ‘D’ on the cockburn scale, wich is explained in more detail at Alistair’s own site.
If I build a 3-hour effort tool for me and my fellow developers to manipulate database metadata and that is intended to run only on our development machines I probably
- won’t put too much effort into checks against SQL-Injection – we can do all the harm we want anyway [and it doesn’t matter much if we accidentally write “drop database;” in the database’s command window or in an unchecked entry field]
- won’t put to much effort into checks against the wrong type – I’m pretty sure all of the intended users (e.g. me and three co-workers) can handle an error message like “invalid type at line 8745 in “
- won’t care if it’s possible to enter 4gb of data through one of the entry field – the possible harm is well within acceptable limits for the stakeholders (me and my colleagues) and the harm could be achieved in much simpler ways
The scenario for user ∈ public ⇢ strict checks
On the other end of the spectrum would be a piece of software used by a large number of people who might or might not have have malicious intentions and where incorrect values might cause harm to serious money or even life (that would be a bigger ‘D’ an ‘E’ or an ‘L’ on the cockburn scale IMO.
The classic ‘E’ example for me is the ATM where I probably
- would make sure that only numbers are entered by using a hardware keyboard that only consists of numbers [and check the input values to be a little bit safer with respect to physical attacks]
- would replace drop-down boxes by large hardware buttons at the edge of the screen
- and so forth
The ‘L’ examples that come to my mind are mostly related to heavy machinery or medical equipment – in both cases the aforementioned principle – limit the choices and represent data entry through manipulation of physical objects – are heavily applied.
Most application fall somewhere in between and nowadays more and more applications that deal with essential money (e.g. online banking) are realized without the hardware representation. In these cases, especially for applications running on the internet, I would
- Put limits on the length of input data – on the client if possible and on the server just to make sure
- Make sure the data that get’s typed in represents the correct types * as early as sensible [that might be on the client – I’d add a server side check for good measure in all cases and might drop the client side check if it becomes to intrusive for the user.
- Implement an error handling scheme that gives helpful information to the use with as much detail as he requests and informs the developers and maintainers of the system of the possible quirks in the system at the same time so that the UX can be optimized to have less occurrences of that specific error in future releases.
The problem with the two scenarios “user ∈ inhouse dev ⇢ lax checks” and “user ∈ public ⇢ strict checks”
is that most applications are somewhere between them. And sometimes application evolve from a little developer-on-the-team-only helper application to something that is used by more and more people so the last responsible moment ** to rework my three our project to a product becomes hard to determine. But if I as a developer kept my options open (e.g. because clean coding has become a second nature) it should be possible to productize the tool.
But – it has to be a conscious decision!
In my opinion it neither makes sense to make a cheap tool cat-proof nor is it responsible craftsmanship to offer a product to the public that doesn’t employ proper checks.
* but that is a topic for another article – the only type that a user with a keyboard can key in is “array of characters” – what it represents is 100% context: e.g. “feed” might be a word in one case – it’s the hexadecimal representation of 65261 in others.
** See e.g. Mary and Tom Popendiek on the topic of the last responsible moment and the keeping of options. Due to a fancy website design on their side I can’t provide a link though – but as of 2011-01-22 the statements can be found after clicking on “focus on learning” in the principles box on the left hand side of their website.
BTW: I really wonder how this page with the “is element of” and the arrows will display on other browsers and systems…