The Best Way to Fail

Feb 19 2008

Murphy’s law: If anything can go wrong, it will.

It is true.

So true that we hear of it everywhere. We take precautions to manage failure. We have remarkable exception handling mechanisms in our programming languages. In spite of all our efforts, systems fail. So what should a system do when it is going to fail?

Here are two basic strategies you may stick to in case your systems fail.

1. Fail Gracefully

Tell the user that an error has occurred. Complete or roll back any ongoing transaction, and inform the user about the action taken. Don’t ever make the user wonder where his data (or money, or effort) went.

2. Fail Securely

Fail closed. The default should be secure.

And how do you fail securely? The best way is to design the security together with your product, not add it later as an add-on.

[Figure: Failure_Security]

The security part of your application should not be able to fail without shutting down the whole application. If it can, the hole it leaves will bring the application down anyway, with catastrophic results.

Note that in the above figure I am not referring to modules in your design. Of course your security module will be different from the other modules. At the same time, once the application is up and running, security should not be an isolated component that can be shut down independently while the rest of the application keeps serving requests.

For instance your application should not give out a message like:

Sorry. Our authentication Server is down and we cannot verify your password. You can now login with just your username.
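The fail-open behaviour in that message, beside a fail-closed version that also fails gracefully by telling the user what happened, as an added Python example that is not part of the original post. The AuthServerDown exception, the backend callables and the sample credentials are all assumed for this demonstration.

```python
"""Added example (not from the original post): the fail-open login the post
warns against, beside a fail-closed version that also fails gracefully.
The AuthServerDown exception, the backend callables and the sample
credentials are all assumed for this demonstration."""
import logging
from collections import namedtuple

log = logging.getLogger("login")

# What the caller gets back: whether to create a session, and the message
# the user should see (never leave the user guessing what happened).
LoginResult = namedtuple("LoginResult", "allowed user_message")


class AuthServerDown(Exception):
    """Raised by a backend when the credential store is unreachable (assumed name)."""


def login_fail_open(username, password, backend):
    """The anti-pattern: if the backend is unreachable, admit the user on the
    strength of the username alone. `backend` is (username, password) -> bool."""
    try:
        ok = backend(username, password)
    except AuthServerDown:
        log.warning("auth server down; admitting %s without a password", username)
        return LoginResult(True, "Our authentication server is down; "
                                 "you are logged in with just your username.")
    if ok:
        return LoginResult(True, "Welcome, %s." % username)
    return LoginResult(False, "Invalid username or password.")


def login_fail_closed(username, password, backend):
    """Fail securely: a credential that cannot be verified is treated as invalid.
    The outage is logged for operators and reported honestly to the user, but
    the security check is never skipped."""
    try:
        ok = backend(username, password)
    except AuthServerDown:
        log.error("auth server down; refusing login for %s", username)
        return LoginResult(False, "Login is temporarily unavailable. "
                                  "Please try again later.")
    if ok:
        return LoginResult(True, "Welcome, %s." % username)
    # Same message for a bad username and a bad password, so the response
    # does not reveal which accounts exist.
    return LoginResult(False, "Invalid username or password.")


# Constructed backends standing in for a real credential store.
def healthy_backend(username, password):
    return (username, password) == ("alice", "correct horse battery staple")


def down_backend(username, password):
    raise AuthServerDown("connection refused")


if __name__ == "__main__":
    for fn in (login_fail_open, login_fail_closed):
        print(fn.__name__, fn("alice", "wrong", down_backend))
```

Both functions behave identically while the backend is healthy; the difference only shows during the outage, which is exactly when the fail-open version silently drops the password check and the fail-closed version denies access and says so.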

I am sure that you are aware of the importance of these two factors. Just educate your fellow developers too.

Finally, here are some more Murphy’s laws for the lol-fans:

  • If anything simply cannot go wrong, it will anyway.
  • If there is a possibility of several things going wrong, the one that will cause the most damage will be the one to go wrong. Corollary: If there is a worst time for something to go wrong, it will happen then.
  • If you perceive that there are four possible ways in which a procedure can go wrong, and circumvent these, then a fifth way, unprepared for, will promptly develop.
