Validation & Authentication — AQA GCSE CS (8525)

Spec & Goals 3 min

AQA Spec 3.2.11 · Robust and secure programming

By the end of this lesson you can:

Describe common validation checks and what each one tests.
Write a range check that re-asks for input until it is sensible.
Explain how authentication confirms a user's identity.

Warm-Up 5 min

Last lesson you saw how scope and subroutines keep a program tidy. Today we make a program robust — hard to break with bad input.

Quick starter

A form asks for a pupil's age at SMK Bandar Utama. Which of these inputs should the program reject?

14
-3
two hundred
15

Reveal the answer

Reject -3 (not a sensible age) and two hundred (not a number). The program should check input before using it.

Key Concept — checking input is sensible 14 min

Validation checks that input is sensible or allowed before the program uses it. It does not check that the input is correct.

Common validation checks

Each check tests one thing. You earn marks by naming the check and saying what it does.

Check	What it tests
Range check	The value is between an allowed lower and upper limit (e.g. a mark 0–100).
Length check	The input has an allowed number of characters (e.g. a password ≥ 8).
Presence check	A required field is not left empty.
Format / type check	The input matches a required pattern or data type (e.g. a number, a date).
Lookup check	The value is one of a fixed list of allowed entries (e.g. a valid state code).

Authentication

Authentication confirms who a user is before the system trusts them. The most common method is a username plus a password.

Data sanitisation

Data sanitisation removes or escapes unsafe characters from input. This stops malicious data from breaking or attacking the program.

Worked Example — a range check and a password check 12 min

Problem: ask for a test mark and keep asking until it is between 1 and 100, then check a password.

AQA pseudo-code — range check with a loop

mark ← USERINPUT
WHILE mark < 1 OR mark > 100 DO
    OUTPUT 'Mark must be 1 to 100. Try again.'
    mark ← USERINPUT
ENDWHILE
OUTPUT 'Accepted mark: '
OUTPUT mark

The same idea with a REPEAT loop, which always asks at least once:

REPEAT
    OUTPUT 'Enter a mark 1 to 100:'
    mark ← USERINPUT
UNTIL mark ≥ 1 AND mark ≤ 100
OUTPUT mark

AQA pseudo-code — a simple password check

CONSTANT password ← 'Selangor28'
attempt ← USERINPUT
IF attempt = password THEN
    OUTPUT 'Access granted'
ELSE
    OUTPUT 'Access denied'
ENDIF

The same algorithms in Python

mark = int(input("Enter a mark 1 to 100: "))
while mark < 1 or mark > 100:
    print("Mark must be 1 to 100. Try again.")
    mark = int(input("Enter a mark 1 to 100: "))
print("Accepted mark:", mark)

password = "Selangor28"
attempt = input("Enter your password: ")
if attempt == password:
    print("Access granted")
else:
    print("Access denied")

Try It Yourself 12 min

🟢 Easy

Goal: Name the validation check that makes sure a field is not left empty.

Hint: it checks something is present.

🟡 Medium

Goal: Write AQA pseudo-code that keeps asking for a year group until the value is between 1 and 6.

Hint: use a WHILE or REPEAT loop and re-read the input inside it.

🔴 Stretch

Goal: Write pseudo-code that performs a length check, rejecting a password shorter than 8 characters.

Hint: use LEN(password) < 8 in the test.

📝 Exam Practice 10 min

Answer the way the examiner expects — the command word and the marks tell you how much to write.

Describe[2 marks]

Name two validation checks and describe what each one does.

Mark scheme

One check named with its purpose, e.g. range check — value is within allowed limits (1).
A second, different check named with its purpose, e.g. presence check — a required field is not empty (1).
Accept length check, format/type check or lookup check with a correct description.

State[2 marks]

State the difference between validation and verification.

Mark scheme

Validation checks input is sensible / reasonable / of an allowed type (1).
Verification checks data was entered / copied accurately (1).

Describe[2 marks]

Describe how authentication protects a system.

Mark scheme

It confirms the user's identity, e.g. by checking a username and password (1).
Only an authenticated user is granted access, so unauthorised users are blocked (1).

Recap & Key Terms 3 min

Validation checks that input is sensible, using range, length, presence, format and lookup checks. Authentication confirms identity, usually with a username and password. Validation is not verification.

Validation: An automatic check that input is sensible / reasonable / of an allowed type.
Range check: Tests that a value is between an allowed lower and upper limit.
Length check: Tests that the input has an allowed number of characters.
Presence check: Tests that a required field has not been left empty.
Authentication: Confirming a user's identity, usually with a username and password, before granting access.

Homework 1 min

Task (≤ 15 min): Write, in AQA pseudo-code, a routine that keeps asking for a temperature until it is between −10 and 50.

Model answer

REPEAT
    OUTPUT 'Enter a temperature −10 to 50:'
    temp ← USERINPUT
UNTIL temp ≥ -10 AND temp ≤ 50
OUTPUT temp

Award marks for: a loop that repeats (1), a correct range test using AND (1), re-reading the input inside the loop (1).

Spec & Goals 3 min

AQA Spec 3.2.11 · Robust and secure programming

By the end of this lesson you can:

Describe common validation checks and what each one tests.
Write a range check that re-asks for input until it is sensible.
Explain how authentication confirms a user's identity.

Warm-Up 5 min

Last lesson you saw how scope and subroutines keep a program tidy. Today we make a program robust — hard to break with bad input.

Quick starter

A form asks for a pupil's age at SMK Bandar Utama. Which of these inputs should the program reject?

14
-3
two hundred
15

Reveal the answer

Reject -3 (not a sensible age) and two hundred (not a number). The program should check input before using it.

Key Concept — checking input is sensible 14 min

Validation checks that input is sensible or allowed before the program uses it. It does not check that the input is correct.

Common validation checks

Each check tests one thing. You earn marks by naming the check and saying what it does.

Check	What it tests
Range check	The value is between an allowed lower and upper limit (e.g. a mark 0–100).
Length check	The input has an allowed number of characters (e.g. a password ≥ 8).
Presence check	A required field is not left empty.
Format / type check	The input matches a required pattern or data type (e.g. a number, a date).
Lookup check	The value is one of a fixed list of allowed entries (e.g. a valid state code).

Authentication

Authentication confirms who a user is before the system trusts them. The most common method is a username plus a password.

Data sanitisation

Data sanitisation removes or escapes unsafe characters from input. This stops malicious data from breaking or attacking the program.

Worked Example — a range check and a password check 12 min

Problem: ask for a test mark and keep asking until it is between 1 and 100, then check a password.

AQA pseudo-code — range check with a loop

mark ← USERINPUT
WHILE mark < 1 OR mark > 100 DO
    OUTPUT 'Mark must be 1 to 100. Try again.'
    mark ← USERINPUT
ENDWHILE
OUTPUT 'Accepted mark: '
OUTPUT mark

The same idea with a REPEAT loop, which always asks at least once:

REPEAT
    OUTPUT 'Enter a mark 1 to 100:'
    mark ← USERINPUT
UNTIL mark ≥ 1 AND mark ≤ 100
OUTPUT mark

AQA pseudo-code — a simple password check

CONSTANT password ← 'Selangor28'
attempt ← USERINPUT
IF attempt = password THEN
    OUTPUT 'Access granted'
ELSE
    OUTPUT 'Access denied'
ENDIF

The same algorithms in Python

mark = int(input("Enter a mark 1 to 100: "))
while mark < 1 or mark > 100:
    print("Mark must be 1 to 100. Try again.")
    mark = int(input("Enter a mark 1 to 100: "))
print("Accepted mark:", mark)

password = "Selangor28"
attempt = input("Enter your password: ")
if attempt == password:
    print("Access granted")
else:
    print("Access denied")

Try It Yourself 12 min

🟢 Easy

Goal: Name the validation check that makes sure a field is not left empty.

Hint: it checks something is present.

🟡 Medium

Goal: Write AQA pseudo-code that keeps asking for a year group until the value is between 1 and 6.

Hint: use a WHILE or REPEAT loop and re-read the input inside it.

🔴 Stretch

Goal: Write pseudo-code that performs a length check, rejecting a password shorter than 8 characters.

Hint: use LEN(password) < 8 in the test.

📝 Exam Practice 10 min

Answer the way the examiner expects — the command word and the marks tell you how much to write.

Describe[2 marks]

Name two validation checks and describe what each one does.

Mark scheme

One check named with its purpose, e.g. range check — value is within allowed limits (1).
A second, different check named with its purpose, e.g. presence check — a required field is not empty (1).
Accept length check, format/type check or lookup check with a correct description.

State[2 marks]

State the difference between validation and verification.

Mark scheme

Validation checks input is sensible / reasonable / of an allowed type (1).
Verification checks data was entered / copied accurately (1).

Describe[2 marks]

Describe how authentication protects a system.

Mark scheme

It confirms the user's identity, e.g. by checking a username and password (1).
Only an authenticated user is granted access, so unauthorised users are blocked (1).

Recap & Key Terms 3 min

Validation: An automatic check that input is sensible / reasonable / of an allowed type.
Range check: Tests that a value is between an allowed lower and upper limit.
Length check: Tests that the input has an allowed number of characters.
Presence check: Tests that a required field has not been left empty.
Authentication: Confirming a user's identity, usually with a username and password, before granting access.

Homework 1 min

Task (≤ 15 min): Write, in AQA pseudo-code, a routine that keeps asking for a temperature until it is between −10 and 50.

Model answer

REPEAT
    OUTPUT 'Enter a temperature −10 to 50:'
    temp ← USERINPUT
UNTIL temp ≥ -10 AND temp ≤ 50
OUTPUT temp

Award marks for: a loop that repeats (1), a correct range test using AND (1), re-reading the input inside the loop (1).