Jan 19, 2012

Starting off on the wrong foot…

I have mixed feelings about the WJEC/AQA A-Level Computing course available in the majority of UK Colleges - in some aspects it’s a good introduction to basic computing practices, but in other aspects it really does teach you to do things the wrong way.

This year, the practical project is to design a reward system for use by a school to reward students for various merits, through which they earn points that can be redeemed for physical prizes. Easy, huh?

Our college chooses to teach the .NET programming language - great for beginners! Fellow classmates are amazed at how easy software development is - they just drag and drop controls and enter a few commands to create a functional program. I really do think that this is the best way to introduce software development and get people interested.

However, I think teaching poor method and procedure is completely unacceptable.

We are developing a system that deals with usernames and passwords, but the current curriculum does not cover security. Students in my computing class are being taught to store usernames and passwords in plain text, in the same file, in a predictable location (application directory).

They’re also being taught to store this information in text files, which doesn’t happen in practice. I believe a simple database such as SQLite should be used and explained.

Security is the biggest issue I have with this - I believe it is giving future software engineers a completely incorrect idea of how not just authentication, but correct security practice in general, is carried out. I think this is unacceptable.

However, I’m developing my system in Ruby atop the Ruby on Rails framework, instead of using .NET (a personal preference), and am using industry-standard salting and hashing methods to ensure that users’ credentials are completely secure.
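The contrast between the plain-text credential file and a salted, hashed record, as an added example that is not the author's project code. It uses PBKDF2 from Ruby's standard library rather than whatever mechanism the author's Rails application used; the record format, function names, iteration count and the assumption that usernames contain no colon are all choices made for this illustration.

```ruby
require "openssl"
require "securerandom"

# Added example: every name and parameter here is an assumption, not from the post.
ITERATIONS = 210_000   # PBKDF2-HMAC-SHA256 work factor (assumed value)
KEY_LENGTH = 32        # bytes of derived key stored per user

# What the coursework approach amounts to: anyone who can read the file
# in the application directory reads every password directly.
def plaintext_record(username, password)
  "#{username}:#{password}"
end

def derive_key(password, salt, iterations)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                           length: KEY_LENGTH, hash: "sha256")
end

# Build a record holding a per-user random salt and the derived key,
# never the password itself. Usernames are assumed to contain no ":".
def hashed_record(username, password, iterations: ITERATIONS)
  salt = SecureRandom.random_bytes(16)
  key  = derive_key(password, salt, iterations)
  [username, iterations, salt.unpack1("H*"), key.unpack1("H*")].join(":")
end

# Re-derive the key from the candidate password with the stored salt and
# compare in constant time. Malformed records fail closed.
def verify_password(record, username, candidate)
  name, iterations, salt_hex, key_hex = record.split(":", 4)
  return false unless name == username && key_hex && key_hex.length == KEY_LENGTH * 2
  expected = [key_hex].pack("H*")
  actual   = derive_key(candidate, [salt_hex].pack("H*"), Integer(iterations))
  OpenSSL.fixed_length_secure_compare(expected, actual)
rescue ArgumentError, OpenSSL::KDF::KDFError
  false
end

if __FILE__ == $PROGRAM_NAME
  rec = hashed_record("alice", "correct horse")   # constructed sample credentials
  puts plaintext_record("alice", "correct horse") # password readable as-is
  puts rec                                        # salt and derived key only
  puts verify_password(rec, "alice", "correct horse")
  puts verify_password(rec, "alice", "wrong guess")
end
```

Because the salt is random per user, two students who choose the same password still get different records, so a leaked file cannot be attacked with one precomputed table.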

I do concede that password salting and hashing is probably too complex to teach complete beginners - but nothing is stopping the curriculum from including something basic such as character substitution.

Are you studying A-Level Computing, or have done? I’d like to hear your thoughts and opinions on this subject, feel free to share them with me!

About
The ramblings of a Welsh software engineer and hacker.