Imagine a world ten years from now. Programmers know everything there is to know about their language, algorithms, and requirements. They apply this knowledge to produce flawless programs, which work correctly the first and every time. Users read the manuals, never provide false or misleading input, and always know what to do next. Clients never change their minds and maintenance is unnecessary.
You can wake up now. We both know this won’t happen so long as boneheads like us keep programming, morons like our customers keep giving us incomplete and perpetually changing requirements, and the prerequisite for being a user is that you demonstrate zero ability to read, think, or act without tech support or a programmer holding your hand. Everyone in the programmer-client-user world is a weak link, and programmers must be prepared for mistakes. There are three major classes of mistakes: user mistakes, client mistakes, and programmer mistakes.
When users are to blame, it’s typically because they do something like providing incorrect input to your program, or calling your program in an unexpected way. Paranoid programmers check everything provided by the users (and use the taint mechanism to help them). This has the side benefit of making their programs more secure against exploitation by The Bad Guys. The Bad Guys like to mess with a program’s environment, input, and configuration files, in the hope they can trick it into displaying ...