0

I'm just reading a book about Software Engeneering Design (book on amazon). I can not understand an example of correct and incorrect requirement, described in the book.

The book says:

  • the incorrect requirement is:

    The software shall require users to log on using a unique combination of user ID and password.

  • the correct requirement is:

    The software shall require users to log on using a user ID and password. The software shall require users to log on using a valide-mail address.

To illustrate the problem of requirements correctness, the book presents the example:

Example is based on requirements for a computer security system for which it requires users to log on using a unique combination of user ID and password.

In this case, when users attempt to log on using already existing user name or password, the system is required to reject the attempt, therefore giving insight into someone else's logon information.

How it is possible to give insight into user's logon information? What information can be obtained from the rejection of log on?

David
  • 102
  • 9

1 Answers1

2

If you get a rejection that means that either the username or the password is already used by someone else. So if I chose p@assw0rd as my password and someone else already has it as a password it will get rejected, so then I know that this is someones password and I could give it a try.

Nevertheless I guess the point is to illustrate that when writing down requirements you have to be accurate. Maybe the example is not clear.

andreadi
  • 1,953
  • 1
  • 20
  • 35